Pests of all kinds and how to fight them: Is my PC free of viruses and trojans?
Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
Hi, here is what happened. Our website was infected by a malicious script, and we also had an FTP attack. The FTP was restored from a backup; the script stubbornly hid in a file until today. The PC has already been wiped once, but what options are there now to be 100% sure that I can work from it again? An antivirus program (McAfee) is installed and the firewall is enabled.
#2
/// Malware-holic
hi
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
#3
Morning,
Here are the two files: Extras.txt Code:
OTL Extras logfile created on: 20.02.2013 07:54:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,24 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 52,15% Memory free
6,48 Gb Paging File | 5,08 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,50 Gb Total Space | 254,87 Gb Free Space | 86,55% Space Free | Partition Type: NTFS
Computer Name: ** | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{565FD504-380B-4932-B72B-650DBABA26E3}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{586DA902-68E1-4550-9393-B2DBA3BD6EB3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B5866212-5431-428F-88FD-45BB933406CF}" = lport=3389 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B6BF72-A454-47E4-8BF7-28D53CD2A416}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{09661042-4323-4321-A3B2-45CB4387CEF3}" = dir=in | app=c:\program files\microsoft lync\ucmapi.exe |
"{096CD2DD-83FB-4353-8846-F38AD87F0E64}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{0D4EF3C2-9A8D-494C-B039-2B8C37127065}" = protocol=17 | dir=in | app=c:\program files\estos\procall 3\clninst.exe |
"{3950BD9C-9628-4D8E-90C6-3B1C7730FDC3}" = protocol=17 | dir=in | app=c:\windows\system32\eacusrv.exe |
"{57D00C2E-982B-4565-871C-272C3C1EA541}" = protocol=6 | dir=in | app=c:\program files\estos\procall 3\clninst.exe |
"{6D624E64-28BA-4045-8857-59CBBA35F906}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{732C54D6-0415-4359-AFA1-B708AB389916}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{81E77F0A-4176-4C52-85C3-5BA025050FAA}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{87655B42-4864-4C30-833D-A553B27BEEEA}" = protocol=6 | dir=in | app=c:\windows\system32\eacusrv.exe |
"{941BA3CB-C6E7-4F65-9F7C-463AB988BE4F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{AAE45CBE-2DE3-4F72-8335-EB048265DEFF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{AEBB6852-2122-42C2-BBED-EDDCAAD5589C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{AF58E3EF-9547-4793-8D5D-F1BCF728686B}" = protocol=6 | dir=in | app=c:\windows\system32\eacusrv.exe |
"{B5FB47DE-CDE2-494B-A77E-7E7FD58610BC}" = dir=in | app=c:\program files\microsoft lync\communicator.exe |
"{B8680364-963C-4482-A648-7555841D025E}" = protocol=17 | dir=in | app=c:\windows\system32\eacusrv.exe |
"{C046F48A-049C-499D-BB57-24F0AAD74CA6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EC2797B8-DCA3-44A2-868A-1F047EDCEEDD}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{ED764AF0-8DBD-47AC-A040-87CFD840B7E0}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{EE8F86AE-84E1-4AF2-8C3E-EFDA061F9697}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0F7319A9-083D-40B3-8256-00A6F3C2AAA2}" = Citrix Online Plug-in (SSON)
"{133236FE-E2F7-4313-8BF8-A10ACAAA7CB9}" = Citrix Online Plug-in (USB)
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2FC7287D-39DD-4A84-9806-D27D3CCDC51B}" = Citrix Online Plug-in (Web)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU
"{43B9A676-F3EA-4B2F-BD49-E272B66E2B1F}" = ESTOS ProCall
"{46F2A190-3663-48FB-B11B-2AEEEB968C94}" = Microsoft Online Services-Anmelde-Assistent
"{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package
"{57287FDF-27E6-45BC-9DD2-A33545C46C1A}" = Citrix Online Plug-in (HDX)
"{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010
"{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL
"{6F2FDD50-E0F3-4117-B575-78E77F8D11EF}" = Citrix Online Plug-in (DV)
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{913778D3-E1D8-4B55-9246-3308C54D3162}" = Citrix Online Plug-in (PNA)
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD59A4BA-8486-43C8-97C7-2536725FD09C}" = McAfee SiteAdvisor Enterprise
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe FrameMaker 7.1" = Adobe FrameMaker v7.1
"CitrixOnlinePluginFull" = Citrix Online Plug-in
"FileZilla Client" = FileZilla Client 3.6.0.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfeeBrowserProtection" = McAfee Browser Protection Service
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MVS" = McAfee Virus and Spyware Protection Service
"NAV" = Norton AntiVirus
"Notepad++" = Notepad++
"NST" = Norton Identity Safe
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Outlook Connector for MDaemon Plug-in" = Outlook Connector for MDaemon Plug-in
"TeamViewer 5 Host" = TeamViewer 5 Host
"TVWiz" = Intel(R) TV Wizard
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.02.2013 07:32:53 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.02.2013 07:32:54 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.02.2013 07:33:04 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.02.2013 02:09:44 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.02.2013 02:09:45 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.02.2013 02:11:09 | Computer Name = **.local | Source = WinMgmt | ID = 10
Description =
Error - 20.02.2013 02:11:02 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.02.2013 02:11:04 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.02.2013 02:11:57 | Computer Name = **.local | Source = WinMgmt | ID = 10
Description =
Error - 20.02.2013 02:53:47 | Computer Name = **.local | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17ac Startzeit:
01ce0f36a26a34fb Endzeit: 16 Anwendungspfad: C:\Users\Simetz\Desktop\OTL.exe Berichts-ID:
3a754ce6-7b2a-11e2-83d2-002197158ff3
[ System Events ]
Error - 14.02.2013 10:28:46 | Computer Name = **.**.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1 :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse ** registriert werden. Der Computer mit IP-Adresse **
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 14.02.2013 10:33:56 | Computer Name = **.RVS1.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1 :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse ** registriert werden. Der Computer mit IP-Adresse **
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 14.02.2013 10:39:06 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1 :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse ** registriert werden. Der Computer mit IP-Adresse **
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 14.02.2013 10:44:16 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1 :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse ** registriert werden. Der Computer mit IP-Adresse **
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 14.02.2013 10:49:26 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1 :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse ** registriert werden. Der Computer mit IP-Adresse **
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 14.02.2013 10:54:36 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1 :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse ** registriert werden. Der Computer mit IP-Adresse **
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 14.02.2013 10:59:46 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1 :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse ** registriert werden. Der Computer mit IP-Adresse **
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 14.02.2013 11:04:57 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1 :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse ** registriert werden. Der Computer mit IP-Adresse **
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 14.02.2013 11:10:07 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1 :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse ** registriert werden. Der Computer mit IP-Adresse **
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 19.02.2013 02:09:25 | Computer Name = **.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller
in der Domäne RVS1 aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann
zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit
dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das
Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller
der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator
in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine
sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
< End of report >
Code:
ATTFilter OTL logfile created on: 20.02.2013 07:54:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,24 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 52,15% Memory free 6,48 Gb Paging File | 5,08 Gb Available in Paging File | 78,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 294,50 Gb Total Space | 254,87 Gb Free Space | 86,55% Space Free | Partition Type: NTFS Computer Name: ** | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\**\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe (Adobe Systems, Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Norton AntiVirus\Engine\20.2.1.22\ccsvchst.exe (Symantec Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\McAfee\Managed VirusScan\DesktopUI\XTray.exe () PRC - C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.) PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\McAfee\SystemCore\mfeann.exe (McAfee, Inc.) 
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\Programme\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\McAfee\SiteAdvisor Enterprise\saHookMain.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\SiteAdvisor Enterprise\McSACore.exe (McAfee, Inc.) PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Programme\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.) PRC - C:\Windows\System32\EACUSrv.exe (ESTOS GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_168.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\McAfee\Managed VirusScan\DesktopUI\Win32RenderingEngine.dll () MOD - C:\Programme\McAfee\Managed VirusScan\DesktopUI\XTray.exe () MOD - C:\Programme\Norton Identity Safe\Engine\2013.2.0.18\wincfi39.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - 
(AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (NCO) -- C:\Program Files\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe (Symantec Corporation) SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation) SRV - (RumorServer) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.) SRV - (myAgtSvc) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.) SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.) SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (McAfee SiteAdvisor Enterprise Service) -- C:\Programme\McAfee\SiteAdvisor Enterprise\McSACore.exe (McAfee, Inc.) SRV - (EACUSrv) -- C:\Windows\System32\EACUSrv.exe (ESTOS GmbH) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (msoidsvc) -- C:\Programme\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.) 
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (PnSson) -- File not found DRV - (mfeavfk01) -- File not found DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130218.025\navex15.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130218.025\naveng.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130216.001\IDSvix86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx86.sys (Symantec Corporation) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) 
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1402010.016\srtsp.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1402010.016\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1402010.016\symds.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NAV\1402010.016\symnets.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1402010.016\ironx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1402010.016\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NST) -- C:\Windows\System32\drivers\NST\7DD02010.021\ccsetx86.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1402010.016\ccsetx86.sys (Symantec Corporation)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 DC 55 34 1A FE CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013.02.20 07:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn\ [2013.02.19 11:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ [2013.02.20 07:10:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 07:33:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.13 10:58:24 | 000,000,000 | ---D | M]
[2013.01.29 14:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013.02.06 07:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.06 07:33:54 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.28 20:39:06 | 000,031,872 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20130129133050.dll (McAfee, Inc.)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Programme\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Programme\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ECtiClient] C:\Program Files\ESTOS\ProCall 3\eCtiClient.exe (ESTOS GmbH)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InstHwApi] C:\Program Files\McAfee\Managed VirusScan\Agent\myInx.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RVS1.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4127E74-D69B-4768-A57C-2C38E49B03CF}: NameServer = 172.19.176.11,172.19.180.144
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\System32\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{799879e2-6a00-11e2-882b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{799879e2-6a00-11e2-882b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Lync 2010
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2013.02.20 07:32:14 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NST\7DD02010.021\ccsetx86.sys
[2013.02.20 07:32:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST\7DD02010.021
[2013.02.19 13:28:45 | 000,338,592 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\symnets.sys
[2013.02.19 13:28:45 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\symelam.sys
[2013.02.19 13:28:44 | 000,927,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\symefa.sys
[2013.02.19 13:28:44 | 000,586,400 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\srtsp.sys
[2013.02.19 13:28:44 | 000,368,288 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\symds.sys
[2013.02.19 13:28:44 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\ironx86.sys
[2013.02.19 13:28:44 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\ccsetx86.sys
[2013.02.19 13:28:44 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\srtspx.sys
[2013.02.19 13:28:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1402010.016
[2013.02.19 11:51:49 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NST\7DD02000.012\ccSetx86.sys
[2013.02.19 11:51:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST
[2013.02.19 11:51:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST\7DD02000.012
[2013.02.19 11:51:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2013.02.19 11:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe
[2013.02.19 11:51:38 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.02.19 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.02.19 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.02.19 11:50:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2013.02.19 11:50:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2013.02.19 11:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2013.02.19 11:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.02.19 11:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.02.19 11:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013.02.13 10:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
[2013.02.13 10:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Lync
[2013.02.13 10:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.02.13 10:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.02.13 10:56:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Tracing
[2013.02.13 10:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\OCSetup
[2013.02.06 07:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.31 10:49:55 | 000,000,000 | ---D | C] -- C:\OkiDriver
[2013.01.31 09:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.01.31 09:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2013.01.31 08:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.01.31 08:04:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2013.01.31 08:04:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.31 08:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.31 08:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.31 07:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\FrameMaker7.1
[2013.01.31 07:53:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2013.01.30 07:34:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2013.01.29 15:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.01.29 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2013.01.29 14:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.01.29 14:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.01.29 14:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.29 14:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.01.29 14:18:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.01.29 14:18:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2013.01.29 14:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013.01.29 14:13:11 | 000,000,000 | ---D | C] -- C:\Alter_PCs
[2013.01.29 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2013.01.29 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2013.01.29 14:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.01.29 14:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.29 14:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013.01.29 14:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2013.01.29 14:07:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ICAClient
[2013.01.29 14:07:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Citrix
[2013.01.29 14:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2013.01.29 14:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ESTOS
[2013.01.29 14:06:02 | 003,306,824 | ---- | C] (ESTOS GmbH) -- C:\Windows\System32\EACUSrv.exe
[2013.01.29 14:05:57 | 000,872,448 | ---- | C] (ESTOS GmbH) -- C:\Windows\System32\edial.tsp
[2013.01.29 14:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESTOS
[2013.01.29 14:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESTOS
[2013.01.29 14:04:48 | 000,373,248 | ---- | C] (Alt-N Technologies) -- C:\Windows\System32\MDConnector32X.dll
[2013.01.29 14:04:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook Connector for MDaemon Plug-in
[2013.01.29 14:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook Connector for MDaemon Plug-in
[2013.01.29 14:04:47 | 003,024,384 | ---- | C] (Alt-N Technologies, Ltd.) -- C:\Windows\System32\MDConnector32.dll
[2013.01.29 14:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Alt-N Technologies
[2013.01.29 14:02:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2013.01.29 14:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013.01.29 13:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013.01.29 13:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.29 13:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013.01.29 13:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.01.29 13:54:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.29 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013.01.29 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013.01.29 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.01.29 13:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013.01.29 13:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013.01.29 13:52:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2013.01.29 13:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.29 13:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.29 13:51:45 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.01.29 13:30:50 | 000,090,576 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MfeOtlkAddin.dll
[2013.01.29 13:30:50 | 000,024,168 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MFEOtlk.dll
[2013.01.29 13:30:49 | 000,009,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2013.01.29 13:29:59 | 000,167,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2013.01.29 13:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013.01.29 13:29:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\McAfee
[2013.01.29 13:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.01.29 13:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013.01.29 13:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.01.29 13:13:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2013.01.29 13:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.01.29 12:55:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2013.01.29 12:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2013.01.29 12:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
[2013.01.29 12:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2013.01.29 12:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2013.01.29 12:31:55 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.29 12:14:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.29 12:14:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2013.01.29 12:14:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.29 12:13:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2013.01.29 12:13:51 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2013.01.29 12:13:44 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Vorlagen
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Verlauf
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Startmenü
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Netzwerkumgebung
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Lokale Einstellungen
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Videos
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Musik
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Eigene Dateien
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Bilder
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Druckumgebung
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Anwendungsdaten
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Anwendungsdaten
[2013.01.29 12:13:44 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2013.01.29 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2013.01.29 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2013.01.29 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.29 11:44:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.29 11:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.29 11:41:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.29 11:41:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========
[2013.02.20 07:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.20 07:18:48 | 000,022,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.20 07:18:48 | 000,022,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.20 07:16:11 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.20 07:16:11 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.20 07:16:11 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.20 07:16:11 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.20 07:10:33 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2013.02.20 07:10:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.20 07:10:11 | 001,125,033 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1402010.016\Cat.DB
[2013.02.20 07:10:01 | 2609,569,792 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.20 07:09:49 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1402010.016\VT20130115.021
[2013.02.19 11:51:38 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.02.19 11:51:38 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.02.19 11:51:38 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.02.19 08:56:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.02.15 07:21:18 | 000,432,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.31 09:35:09 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.01.31 09:35:08 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.01.29 14:37:46 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.29 14:18:06 | 000,001,029 | ---- | M] () -- C:\Users\Administrator\Desktop\Notepad++.lnk
[2013.01.29 14:08:35 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.29 14:07:29 | 000,002,833 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online Plug-in.lnk
[2013.01.29 14:01:51 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5 Host.lnk
[2013.01.29 12:36:35 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.01.29 12:13:30 | 000,002,958 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.01.29 11:45:10 | 000,055,513 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========
[2013.02.20 07:32:11 | 000,007,611 | ---- | C] () -- C:\Windows\System32\drivers\NST\7DD02010.021\ccsetx86.cat
[2013.02.20 07:32:11 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NST\7DD02010.021\ccsetx86.inf
[2013.02.20 07:32:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NST\7DD02010.021\isolate.ini
[2013.02.20 07:09:49 | 001,125,033 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\Cat.DB
[2013.02.20 07:09:49 | 000,014,818 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\VT20130115.021
[2013.02.19 13:28:45 | 000,007,601 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symnet.cat
[2013.02.19 13:28:45 | 000,001,440 | ---- | C] () -- 
C:\Windows\System32\drivers\NAV\1402010.016\symnet.inf [2013.02.19 13:28:44 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symelam.cat [2013.02.19 13:28:44 | 000,007,611 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\ccsetx86.cat [2013.02.19 13:28:44 | 000,007,599 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symefa.cat [2013.02.19 13:28:44 | 000,007,597 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\srtspx.cat [2013.02.19 13:28:44 | 000,007,593 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symds.cat [2013.02.19 13:28:44 | 000,007,593 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\srtsp.cat [2013.02.19 13:28:44 | 000,007,593 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\iron.cat [2013.02.19 13:28:44 | 000,003,433 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symefa.inf [2013.02.19 13:28:44 | 000,002,851 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symds.inf [2013.02.19 13:28:44 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\srtsp.inf [2013.02.19 13:28:44 | 000,001,387 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\srtspx.inf [2013.02.19 13:28:44 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symelam.inf [2013.02.19 13:28:44 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\ccsetx86.inf [2013.02.19 13:28:44 | 000,000,737 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\iron.inf [2013.02.19 13:28:16 | 000,009,103 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symvtcer.dat [2013.02.19 13:28:16 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\isolate.ini [2013.02.19 11:51:44 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\NST\7DD02000.012\ccSetx86.cat [2013.02.19 11:51:44 | 000,000,827 | R--- | C] () -- 
C:\Windows\System32\drivers\NST\7DD02000.012\ccSetx86.inf [2013.02.19 11:51:44 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NST\7DD02000.012\isolate.ini [2013.02.19 11:51:38 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2013.02.19 11:51:38 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2013.02.19 11:51:31 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk [2013.02.19 08:56:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.01.31 09:35:09 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2013.01.31 09:35:08 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.01.30 07:34:23 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.29 14:37:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.01.29 14:37:46 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.01.29 14:18:06 | 000,001,029 | ---- | C] () -- C:\Users\Administrator\Desktop\Notepad++.lnk [2013.01.29 14:08:35 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.29 14:08:35 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.29 14:07:29 | 000,002,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online Plug-in.lnk [2013.01.29 14:01:51 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 5 Host.lnk [2013.01.29 14:01:51 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5 Host.lnk [2013.01.29 13:13:30 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2013.01.29 13:13:30 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp [2013.01.29 12:40:40 | 000,000,003 | ---- | C] () -- 
C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.01.29 12:39:49 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.01.29 12:36:35 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.01.29 12:14:03 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.01.29 12:13:30 | 000,002,958 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.01.29 11:44:57 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.01.29 11:44:52 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.01.29 11:41:53 | 2609,569,792 | -HS- | C] () -- C:\hiberfil.sys [2011.04.12 03:19:24 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.04.12 03:19:24 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.04.12 03:19:24 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.04.12 03:19:24 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.01.29 14:07:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient [2013.01.29 14:18:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++ [2013.01.29 14:02:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.01.29 14:10:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.01.31 09:04:38 | 000,000,000 | ---D | M] -- C:\Alter_PCs [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2013.01.29 11:50:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.01.29 13:51:45 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013.01.31 11:14:40 | 000,000,000 | ---D | M] -- C:\OkiDriver [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.02.19 11:51:42 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.19 11:50:49 | 000,000,000 | -H-D | M] -- C:\ProgramData [2013.01.29 11:50:01 | 000,000,000 | -HSD | M] -- C:\Programme [2013.01.29 11:50:01 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.20 07:56:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.01.29 14:10:28 | 000,000,000 | R--D | M] -- C:\Users [2013.01.31 08:15:29 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2012.02.15 19:38:52 | 000,872,448 | ---- | M] (ESTOS GmbH) -- C:\Windows\system32\edial.tsp [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 22:29:06 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 05:53:46 | 000,007,436 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2013.01.30 07:34:23 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) 
MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 
| ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 
22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- 
| M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.02.20 08:04:55 | 000,786,432 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT [2013.02.20 08:04:54 | 000,262,144 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat.LOG1 [2013.01.29 12:13:44 | 000,000,000 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat.LOG2 [2013.01.29 13:10:11 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2013.01.29 13:10:11 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2013.01.29 13:10:11 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2013.01.29 15:41:15 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{a1962434-6a1c-11e2-903f-002197158ff3}.TM.blf [2013.01.29 15:41:15 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{a1962434-6a1c-11e2-903f-002197158ff3}.TMContainer00000000000000000001.regtrans-ms [2013.01.29 15:41:15 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{a1962434-6a1c-11e2-903f-002197158ff3}.TMContainer00000000000000000002.regtrans-ms [2013.02.14 07:28:35 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{b578b93d-766e-11e2-810f-002197158ff3}.TM.blf [2013.02.14 07:28:35 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{b578b93d-766e-11e2-810f-002197158ff3}.TMContainer00000000000000000001.regtrans-ms [2013.02.14 07:28:35 | 000,524,288 | -HS- | M] () -- 
C:\Users\Administrator\NTUSER.DAT{b578b93d-766e-11e2-810f-002197158ff3}.TMContainer00000000000000000002.regtrans-ms [2013.01.29 12:13:44 | 000,000,020 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Geändert von Galikor (20.02.2013 um 08:55 Uhr) |
| | #4 |
| /// Malware-holic | Is my PC free of viruses and trojans? Hi, please download
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| | #5 |
| Is my PC free of viruses and trojans? Code:
ATTFilter 12:49:40.0993 0468 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:49:41.0118 0468 ============================================================
12:49:41.0118 0468 Current date / time: 2013/02/20 12:49:41.0118
12:49:41.0118 0468 SystemInfo:
12:49:41.0118 0468
12:49:41.0118 0468 OS Version: 6.1.7601 ServicePack: 1.0
12:49:41.0118 0468 Product type: Workstation
12:49:41.0118 0468 ComputerName: MARKETING-PC7
12:49:41.0118 0468 UserName: Administrator
12:49:41.0118 0468 Windows directory: C:\Windows
12:49:41.0118 0468 System windows directory: C:\Windows
12:49:41.0118 0468 Processor architecture: Intel x86
12:49:41.0118 0468 Number of processors: 4
12:49:41.0118 0468 Page size: 0x1000
12:49:41.0118 0468 Boot type: Normal boot
12:49:41.0118 0468 ============================================================
12:49:42.0693 0468 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:49:42.0693 0468 ============================================================
12:49:42.0693 0468 \Device\Harddisk0\DR0:
12:49:42.0693 0468 MBR partitions:
12:49:42.0693 0468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:49:42.0693 0468 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x24CFD800
12:49:42.0693 0468 ============================================================
12:49:42.0725 0468 C: <-> \Device\Harddisk0\DR0\Partition2
12:49:42.0725 0468 ============================================================
12:49:42.0725 0468 Initialize success
12:49:42.0725 0468 ============================================================
12:50:06.0514 5920 ============================================================
12:50:06.0514 5920 Scan started
12:50:06.0514 5920 Mode: Manual; SigCheck; TDLFS;
12:50:06.0514 5920 ============================================================
12:50:07.0169 5920 ================ Scan system memory ========================
12:50:07.0169 5920 System memory - ok
12:50:07.0169 5920 ================ Scan services =============================
12:50:11.0599 5920 crcdisk - ok
12:50:11.0646 5920 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:50:11.0693 5920 CryptSvc - ok
12:50:11.0708 5920 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
12:50:11.0755 5920 CSC - ok
12:50:11.0786 5920 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
12:50:11.0833 5920 CscService - ok
12:50:11.0880 5920 [ A1998B05CDB931DEB5C653DE13D56E13 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
12:50:11.0896 5920 ctxusbm - ok
12:50:11.0927 5920 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
12:50:11.0974 5920 DcomLaunch - ok
12:50:12.0020 5920 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:50:12.0067 5920 defragsvc - ok
12:50:12.0098 5920 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:50:12.0130 5920 DfsC - ok
12:50:12.0161 5920 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:50:12.0223 5920 Dhcp - ok
12:50:12.0223 5920 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
12:50:12.0270 5920 discache - ok
12:50:12.0301 5920 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
12:50:12.0317 5920 Disk - ok
12:50:12.0332 5920 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
12:50:12.0379 5920 dmvsc - ok
12:50:12.0395 5920 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:50:12.0426 5920 Dnscache - ok
12:50:12.0457 5920 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
12:50:12.0488 5920 dot3svc - ok
12:50:12.0504 5920 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
12:50:12.0551 5920 DPS - ok
12:50:12.0566 5920 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:50:12.0582 5920 drmkaud - ok
12:50:12.0613 5920 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:50:12.0644 5920 DXGKrnl - ok
12:50:12.0738 5920 [ 0B97B5DC841953432A4B88ECBC1A1C4D ] EACUSrv C:\Windows\system32\EACUSrv.exe
12:50:12.0816 5920 EACUSrv - ok
12:50:12.0847 5920 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
12:50:12.0894 5920 EapHost - ok
12:50:13.0019 5920 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
12:50:13.0097 5920 ebdrv - ok
12:50:13.0144 5920 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:50:13.0502 5920 eeCtrl - ok
12:50:13.0534 5920 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
12:50:13.0565 5920 EFS - ok
12:50:13.0627 5920 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:50:13.0674 5920 ehRecvr - ok
12:50:13.0674 5920 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
12:50:13.0705 5920 ehSched - ok
12:50:13.0736 5920 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:50:13.0768 5920 elxstor - ok
12:50:13.0814 5920 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:50:13.0877 5920 EraserUtilRebootDrv - ok
12:50:13.0892 5920 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:50:13.0908 5920 ErrDev - ok
12:50:13.0955 5920 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
12:50:14.0017 5920 EventSystem - ok
12:50:14.0033 5920 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
12:50:14.0064 5920 exfat - ok
12:50:14.0080 5920 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:50:14.0126 5920 fastfat - ok
12:50:14.0173 5920 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
12:50:14.0220 5920 Fax - ok
12:50:14.0236 5920 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
12:50:14.0251 5920 fdc - ok
12:50:14.0267 5920 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
12:50:14.0298 5920 fdPHost - ok
12:50:14.0298 5920 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
12:50:14.0329 5920 FDResPub - ok
12:50:14.0360 5920 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:50:14.0376 5920 FileInfo - ok
12:50:14.0376 5920 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:50:14.0423 5920 Filetrace - ok
12:50:14.0423 5920 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
12:50:14.0438 5920 flpydisk - ok
12:50:14.0454 5920 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:50:14.0470 5920 FltMgr - ok
12:50:14.0501 5920 [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache C:\Windows\system32\FntCache.dll
12:50:14.0548 5920 FontCache - ok
12:50:14.0594 5920 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:50:14.0610 5920 FontCache3.0.0.0 - ok
12:50:14.0626 5920 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:50:14.0641 5920 FsDepends - ok
12:50:14.0672 5920 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:50:14.0688 5920 Fs_Rec - ok
12:50:14.0704 5920 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:50:14.0735 5920 fvevol - ok
12:50:14.0750 5920 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:50:14.0766 5920 gagp30kx - ok
12:50:14.0797 5920 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
12:50:14.0844 5920 gpsvc - ok
12:50:14.0860 5920 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:50:14.0891 5920 hcw85cir - ok
12:50:14.0922 5920 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:50:14.0953 5920 HdAudAddService - ok
12:50:15.0016 5920 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:50:15.0047 5920 HDAudBus - ok
12:50:15.0062 5920 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:50:15.0094 5920 HidBatt - ok
12:50:15.0109 5920 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:50:15.0140 5920 HidBth - ok
12:50:15.0156 5920 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
12:50:15.0172 5920 HidIr - ok
12:50:15.0203 5920 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
12:50:15.0250 5920 hidserv - ok
12:50:15.0281 5920 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:50:15.0312 5920 HidUsb - ok
12:50:15.0328 5920 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:50:15.0359 5920 hkmsvc - ok
12:50:15.0390 5920 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:50:15.0468 5920 HomeGroupListener - ok
12:50:15.0484 5920 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:50:15.0530 5920 HomeGroupProvider - ok
12:50:15.0546 5920 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:50:15.0562 5920 HpSAMD - ok
12:50:15.0593 5920 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:50:15.0624 5920 HTTP - ok
12:50:15.0640 5920 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:50:15.0655 5920 hwpolicy - ok
12:50:15.0671 5920 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:50:15.0702 5920 i8042prt - ok
12:50:15.0749 5920 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:50:15.0764 5920 iaStorV - ok
12:50:15.0811 5920 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:50:15.0842 5920 idsvc - ok
12:50:16.0014 5920 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130216.001\IDSvix86.sys
12:50:16.0030 5920 IDSVix86 - ok
12:50:16.0154 5920 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
12:50:16.0404 5920 igfx - ok
12:50:16.0435 5920 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:50:16.0451 5920 iirsp - ok
12:50:16.0498 5920 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
12:50:16.0560 5920 IKEEXT - ok
12:50:16.0560 5920 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
12:50:16.0576 5920 intelide - ok
12:50:16.0591 5920 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:50:16.0607 5920 intelppm - ok
12:50:16.0622 5920 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:50:16.0654 5920 IPBusEnum - ok
12:50:16.0669 5920 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:50:16.0700 5920 IpFilterDriver - ok
12:50:16.0747 5920 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:50:16.0794 5920 iphlpsvc - ok
12:50:16.0810 5920 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:50:16.0825 5920 IPMIDRV - ok
12:50:16.0856 5920 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:50:16.0903 5920 IPNAT - ok
12:50:16.0919 5920 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:50:16.0950 5920 IRENUM - ok
12:50:16.0965 5920 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:50:16.0981 5920 isapnp - ok
12:50:16.0997 5920 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:50:17.0028 5920 iScsiPrt - ok
12:50:17.0028 5920 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:50:17.0043 5920 kbdclass - ok
12:50:17.0075 5920 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:50:17.0090 5920 kbdhid - ok
12:50:17.0106 5920 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
12:50:17.0121 5920 KeyIso - ok
12:50:17.0153 5920 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:50:17.0168 5920 KSecDD - ok
12:50:17.0168 5920 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:50:17.0184 5920 KSecPkg - ok
12:50:17.0215 5920 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
12:50:17.0246 5920 KtmRm - ok
12:50:17.0277 5920 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
12:50:17.0324 5920 LanmanServer - ok
12:50:17.0371 5920 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:50:17.0402 5920 LanmanWorkstation - ok
12:50:17.0449 5920 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:50:17.0496 5920 lltdio - ok
12:50:17.0511 5920 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:50:17.0543 5920 lltdsvc - ok
12:50:17.0558 5920 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
12:50:17.0605 5920 lmhosts - ok
12:50:17.0621 5920 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:50:17.0636 5920 LSI_FC - ok
12:50:17.0652 5920 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:50:17.0667 5920 LSI_SAS - ok
12:50:17.0683 5920 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:50:17.0714 5920 LSI_SAS2 - ok
12:50:17.0714 5920 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:50:17.0745 5920 LSI_SCSI - ok
12:50:17.0761 5920 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
12:50:17.0792 5920 luafv - ok
12:50:17.0839 5920 [ AFAD61262CC1A36E8B089DE9A1A54060 ] McAfee SiteAdvisor Enterprise Service C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
12:50:17.0855 5920 McAfee SiteAdvisor Enterprise Service - ok
12:50:17.0901 5920 [ 1BC80196637B64D019D433DDABEE675B ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
12:50:17.0933 5920 McShield - ok
12:50:17.0948 5920 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:50:17.0964 5920 Mcx2Svc - ok
12:50:18.0011 5920 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
12:50:18.0026 5920 megasas - ok
12:50:18.0026 5920 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:50:18.0042 5920 MegaSR - ok
12:50:18.0073 5920 [ F86FA6BC8BF8FFBE36C55F65EB2D0EC5 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
12:50:18.0089 5920 mfeapfk - ok
12:50:18.0120 5920 [ 7FEFCE58BB67B1176CB8581907011094 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
12:50:18.0135 5920 mfeavfk - ok
12:50:18.0151 5920 mfeavfk01 - ok
12:50:18.0167 5920 [ B08B78E675929F6B17F5307957762A5A ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
12:50:18.0182 5920 mfebopk - ok
12:50:18.0229 5920 [ BE3990ED559C79D5205EF54D65E5F59B ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
12:50:18.0245 5920 mfefire - ok
12:50:18.0291 5920 [ 3BC20DDA41BECC82680FB41372F03925 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
12:50:18.0323 5920 mfefirek - ok
12:50:18.0354 5920 [ DAFEFAA7C7402A2E335755B531E3F542 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
12:50:18.0369 5920 mfehidk - ok
12:50:18.0401 5920 [ 75D2D96C8BC2045B471FC488BD207D35 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
12:50:18.0416 5920 mferkdet - ok
12:50:18.0432 5920 [ 9CBE04C2A231DE7BC483F49E1414CFA6 ] mfevtp C:\Windows\system32\mfevtps.exe
12:50:18.0510 5920 mfevtp - ok
12:50:18.0525 5920 [ 86C1DB118379166CA93B194F44AF59D9 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
12:50:18.0541 5920 mfewfpk - ok
12:50:18.0588 5920 Microsoft SharePoint Workspace Audit Service - ok
12:50:18.0603 5920 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
12:50:18.0635 5920 MMCSS - ok
12:50:18.0666 5920 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:50:18.0697 5920 Modem - ok
12:50:18.0713 5920 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:50:18.0744 5920 monitor - ok
12:50:18.0759 5920 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:50:18.0775 5920 mouclass - ok
12:50:18.0775 5920 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:50:18.0806 5920 mouhid - ok
12:50:18.0822 5920 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:50:18.0837 5920 mountmgr - ok
12:50:18.0869 5920 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:50:18.0962 5920 MozillaMaintenance - ok
12:50:18.0978 5920 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
12:50:18.0993 5920 mpio - ok
12:50:18.0993 5920 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:50:19.0025 5920 mpsdrv - ok
12:50:19.0056 5920 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:50:19.0118 5920 MpsSvc - ok
12:50:19.0134 5920 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:50:19.0181 5920 MRxDAV - ok
12:50:19.0212 5920 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:50:19.0243 5920 mrxsmb - ok
12:50:19.0259 5920 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:50:19.0290 5920 mrxsmb10 - ok
12:50:19.0290 5920 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:50:19.0321 5920 mrxsmb20 - ok
12:50:19.0337 5920 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
12:50:19.0352 5920 msahci - ok
12:50:19.0352 5920 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:50:19.0368 5920 msdsm - ok
12:50:19.0399 5920 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
12:50:19.0446 5920 MSDTC - ok
12:50:19.0446 5920 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:50:19.0477 5920 Msfs - ok
12:50:19.0493 5920 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:50:19.0524 5920 mshidkmdf - ok
12:50:19.0539 5920 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:50:19.0555 5920 msisadrv - ok
12:50:19.0586 5920 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:50:19.0633 5920 MSiSCSI - ok
12:50:19.0633 5920 msiserver - ok
12:50:19.0664 5920 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:50:19.0680 5920 MSKSSRV - ok
12:50:19.0758 5920 [ E3F9EBFD64DEE48EE9E99949E312D883 ] msoidsvc C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
12:50:19.0789 5920 msoidsvc - ok
12:50:19.0805 5920 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:50:19.0836 5920 MSPCLOCK - ok
12:50:19.0867 5920 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:50:19.0914 5920 MSPQM - ok
12:50:19.0929 5920 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:50:19.0945 5920 MsRPC - ok
12:50:19.0945 5920 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:50:19.0961 5920 mssmbios - ok
12:50:19.0976 5920 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:50:20.0007 5920 MSTEE - ok
12:50:20.0023 5920 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:50:20.0054 5920 MTConfig - ok
12:50:20.0054 5920 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:50:20.0070 5920 Mup - ok
12:50:20.0148 5920 [ 7B99727A78036C43D3F50D6952E0B70B ] myAgtSvc C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
12:50:20.0163 5920 myAgtSvc - ok
12:50:20.0195 5920 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
12:50:20.0241 5920 napagent - ok
12:50:20.0273 5920 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:50:20.0319 5920 NativeWifiP - ok
12:50:20.0491 5920 [ 4BA84C832E0741A294C4444556DFE993 ] NAV C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe
12:50:20.0507 5920 NAV - ok
12:50:20.0585 5920 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130218.025\NAVENG.SYS
12:50:20.0600 5920 NAVENG - ok
12:50:20.0647 5920 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130218.025\NAVEX15.SYS
12:50:20.0694 5920 NAVEX15 - ok
12:50:20.0787 5920 [ 4BA84C832E0741A294C4444556DFE993 ] NCO C:\Program Files\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe
12:50:20.0803 5920 NCO - ok
12:50:20.0834 5920 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:50:20.0865 5920 NDIS - ok
12:50:20.0897 5920 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:50:20.0943 5920 NdisCap - ok
12:50:21.0053 5920 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:50:21.0099 5920 NdisTapi - ok
12:50:21.0115 5920 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:50:21.0146 5920 Ndisuio - ok
12:50:21.0146 5920 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:50:21.0177 5920 NdisWan - ok
12:50:21.0193 5920 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:50:21.0224 5920 NDProxy - ok
12:50:21.0240 5920 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:50:21.0271 5920 NetBIOS - ok
12:50:21.0287 5920 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:50:21.0333 5920 NetBT - ok
12:50:21.0349 5920 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
12:50:21.0365 5920 Netlogon - ok
12:50:21.0396 5920 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
12:50:21.0427 5920 Netman - ok
12:50:21.0443 5920 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
12:50:21.0489 5920 netprofm - ok
12:50:21.0505 5920 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:50:21.0521 5920 NetTcpPortSharing - ok
12:50:21.0552 5920 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:50:21.0567 5920 nfrd960 - ok
12:50:21.0583 5920 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
12:50:21.0599 5920 NlaSvc - ok
12:50:21.0614 5920 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:50:21.0630 5920 Npfs - ok
12:50:21.0661 5920 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
12:50:21.0692 5920 nsi - ok
12:50:21.0692 5920 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:50:21.0739 5920 nsiproxy - ok
12:50:21.0786 5920 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:50:21.0817 5920 Ntfs - ok
12:50:21.0848 5920 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
12:50:21.0879 5920 Null - ok
12:50:21.0911 5920 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:50:21.0926 5920 nvraid - ok
12:50:21.0942 5920 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:50:21.0957 5920 nvstor - ok
12:50:21.0973 5920 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:50:21.0989 5920 nv_agp - ok
12:50:22.0004 5920 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:50:22.0020 5920 ohci1394 - ok
12:50:22.0051 5920 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:50:22.0067 5920 ose - ok
12:50:22.0191 5920 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:50:22.0269 5920 osppsvc - ok
12:50:22.0301 5920 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:50:22.0347 5920 p2pimsvc - ok
12:50:22.0363 5920 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:50:22.0394 5920 p2psvc - ok
12:50:22.0441 5920 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:50:22.0457 5920 Parport - ok
12:50:22.0488 5920 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:50:22.0503 5920 partmgr - ok
12:50:22.0503 5920 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:50:22.0519 5920 Parvdm - ok
12:50:22.0550 5920 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:50:22.0566 5920 PcaSvc - ok
12:50:22.0581 5920 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
12:50:22.0597 5920 pci - ok
12:50:22.0613 5920 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
12:50:22.0628 5920 pciide - ok
12:50:22.0644 5920 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:50:22.0659 5920 pcmcia - ok
12:50:22.0659 5920 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
12:50:22.0675 5920 pcw - ok
12:50:22.0722 5920 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:50:22.0769 5920 PEAUTH - ok
12:50:22.0800 5920 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:50:22.0862 5920 PeerDistSvc - ok
12:50:22.0909 5920 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
12:50:22.0971 5920 pla - ok
12:50:23.0018 5920 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:50:23.0065 5920 PlugPlay - ok
12:50:23.0096 5920 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:50:23.0112 5920 PNRPAutoReg - ok
12:50:23.0143 5920 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:50:23.0159 5920 PNRPsvc - ok
12:50:23.0205 5920 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:50:23.0236 5920 PolicyAgent - ok
12:50:23.0268 5920 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
12:50:23.0299 5920 Power - ok
12:50:23.0330 5920 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:50:23.0377 5920 PptpMiniport - ok
12:50:23.0392 5920 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
12:50:23.0408 5920 Processor - ok
12:50:23.0424 5920 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
12:50:23.0470 5920 ProfSvc - ok
12:50:23.0486 5920 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:50:23.0502 5920 ProtectedStorage - ok
12:50:23.0517 5920 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:50:23.0548 5920 Psched - ok
12:50:23.0595 5920 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:50:23.0626 5920 ql2300 - ok
12:50:23.0642 5920 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:50:23.0658 5920 ql40xx - ok
12:50:23.0689 5920 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
12:50:23.0720 5920 QWAVE - ok
12:50:23.0720 5920 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:50:23.0736 5920 QWAVEdrv - ok
12:50:23.0751 5920 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:50:23.0782 5920 RasAcd - ok
12:50:23.0814 5920 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:50:23.0845 5920 RasAgileVpn - ok
12:50:23.0860 5920 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
12:50:23.0892 5920 RasAuto - ok
12:50:23.0907 5920 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:50:23.0938 5920 Rasl2tp - ok
12:50:23.0985 5920 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
12:50:24.0032 5920 RasMan - ok
12:50:24.0048 5920 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:50:24.0079 5920 RasPppoe - ok
12:50:24.0094 5920 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:50:24.0141 5920 RasSstp - ok
12:50:24.0157 5920 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:50:24.0188 5920 rdbss - ok
12:50:32.0846 5920 ================ Scan global ===============================
12:50:32.0877 5920 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:50:32.0893 5920 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:50:32.0908 5920 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:50:32.0924 5920 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:50:32.0939 5920 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:50:32.0955 5920 [Global] - ok
12:50:32.0955 5920 ================ Scan MBR ==================================
12:50:32.0955 5920 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:50:33.0251 5920 \Device\Harddisk0\DR0 - ok
12:50:33.0251 5920 ================ Scan VBR ==================================
12:50:33.0251 5920 [ B68D336008DB03F181039E403DEC3DF1 ] \Device\Harddisk0\DR0\Partition1
12:50:33.0251 5920 \Device\Harddisk0\DR0\Partition1 - ok
12:50:33.0283 5920 [ EC6A7314B5D26B97938CF72A9FAE976E ] \Device\Harddisk0\DR0\Partition2
12:50:33.0283 5920 \Device\Harddisk0\DR0\Partition2 - ok
12:50:33.0283 5920 ============================================================
12:50:33.0283 5920 Scan finished
12:50:33.0283 5920 ============================================================
12:50:33.0298 2732 Detected object count: 0
12:50:33.0298 2732 Actual detected object count: 0
|
| | #6 |
| /// Malware-holic | Is my PC free of viruses and trojans? Hi, scan with Combofix |
| | #7 |
| Is my PC free of viruses and trojans? Code:
ComboFix 13-02-18.02 - Administrator 20.02.2013 14:04:38.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3318.2162 [GMT 1:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: McAfee® Security-as-a-Service *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: McAfee® Security-as-a-Service *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee® Security-as-a-Service *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-20 bis 2013-02-20 ))))))))))))))))))))))))))))))
.
.
2013-02-20 13:10 . 2013-02-20 13:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-19 10:51 . 2013-02-20 09:47 -------- d-----w- c:\windows\system32\drivers\NST
2013-02-19 10:51 . 2013-02-19 10:51 -------- d-----w- c:\program files\Norton Identity Safe
2013-02-19 10:51 . 2013-02-19 11:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-02-19 10:51 . 2013-02-19 10:51 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-02-19 10:51 . 2013-02-19 10:51 -------- d-----w- c:\program files\Symantec
2013-02-19 10:50 . 2013-02-20 06:11 -------- d-----w- c:\windows\system32\drivers\NAV
2013-02-19 10:50 . 2013-02-19 10:50 -------- d-----w- c:\program files\Norton AntiVirus
2013-02-19 10:50 . 2013-02-19 10:52 -------- d-----w- c:\programdata\Norton
2013-02-19 10:47 . 2013-02-19 10:51 -------- d-----w- c:\program files\NortonInstaller
2013-02-14 06:27 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 06:27 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-14 06:27 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 06:27 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 06:27 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 06:27 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 09:58 . 2013-02-13 09:58 -------- d-----w- c:\program files\Microsoft Lync
2013-02-13 09:57 . 2013-02-14 15:06 -------- d-----w- c:\program files\Microsoft Silverlight
2013-02-13 09:56 . 2013-02-13 09:56 -------- d-----w- c:\program files\OCSetup
2013-01-31 09:49 . 2013-01-31 10:14 -------- d-----w- C:\OkiDriver
2013-01-31 08:34 . 2013-01-31 08:35 -------- d-----w- c:\program files\PDF24
2013-01-31 06:58 . 2013-01-31 07:15 -------- d-----w- c:\program files\FrameMaker7.1
2013-01-31 06:58 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2013-01-30 06:34 . 2013-02-14 06:29 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 06:34 . 2013-02-14 06:29 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-30 06:34 . 2013-01-30 06:34 -------- d-----w- c:\windows\system32\Macromed
2013-01-29 14:41 . 2013-01-29 14:41 -------- d-----w- c:\program files\FileZilla FTP Client
2013-01-29 13:54 . 2013-01-29 13:54 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-01-29 13:37 . 2013-01-31 07:15 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-29 13:33 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-01-29 13:33 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-01-29 13:33 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-01-29 13:33 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-01-29 13:33 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-01-29 13:33 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-01-29 13:33 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-01-29 13:32 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2013-01-29 13:32 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2013-01-29 13:32 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2013-01-29 13:32 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2013-01-29 13:32 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2013-01-29 13:32 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2013-01-29 13:32 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2013-01-29 13:32 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2013-01-29 13:18 . 2013-01-29 13:18 -------- d-----w- c:\program files\Notepad++
2013-01-29 13:13 . 2013-01-31 08:04 -------- d-----w- C:\Alter_PCs
2013-01-29 13:10 . 2013-02-13 09:58 -------- d-----w- c:\users\Simetz
2013-01-29 13:08 . 2013-02-07 06:17 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-29 13:07 . 2013-01-29 13:07 -------- d-----w- c:\programdata\Citrix
2013-01-29 13:06 . 2013-01-29 13:06 -------- d-----w- c:\program files\Citrix
2013-01-29 13:06 . 2013-01-29 13:06 -------- d-----w- c:\programdata\ESTOS
2013-01-29 13:06 . 2012-02-15 18:46 3306824 ----a-w- c:\windows\system32\EACUSrv.exe
2013-01-29 13:05 . 2012-02-15 18:38 872448 ----a-w- c:\windows\system32\edial.tsp
2013-01-29 13:05 . 2013-01-29 13:05 -------- d-----w- c:\program files\ESTOS
2013-01-29 13:04 . 2012-09-04 10:00 373248 ----a-w- c:\windows\system32\MDConnector32X.dll
2013-01-29 13:04 . 2013-01-29 13:04 -------- d-----w- c:\program files\Alt-N Technologies
2013-01-29 13:04 . 2012-09-04 10:00 3024384 ----a-w- c:\windows\system32\MDConnector32.dll
2013-01-29 13:01 . 2013-01-29 13:01 -------- d-----w- c:\program files\TeamViewer
2013-01-29 12:54 . 2013-01-29 12:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-01-29 12:54 . 2013-01-29 14:51 -------- d-----w- c:\program files\Microsoft.NET
2013-01-29 12:54 . 2013-01-29 12:54 -------- d-----w- c:\windows\PCHEALTH
2013-01-29 12:54 . 2013-01-29 12:54 -------- d-----w- c:\program files\Microsoft Sync Framework
2013-01-29 12:54 . 2013-01-29 12:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-01-29 12:53 . 2013-01-29 12:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-01-29 12:52 . 2013-01-29 12:52 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-01-29 12:51 . 2013-02-14 15:10 -------- d-----w- c:\programdata\Microsoft Help
2013-01-29 12:51 . 2013-01-29 12:51 -------- d-----r- C:\MSOCache
2013-01-29 12:30 . 2012-10-29 07:43 90576 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2013-01-29 12:30 . 2012-10-29 07:42 24168 ----a-w- c:\windows\system32\MFEOtlk.dll
2013-01-29 12:30 . 2012-10-29 07:43 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-01-29 12:29 . 2012-10-29 07:44 167344 ----a-w- c:\windows\system32\mfevtps.exe
2013-01-29 12:29 . 2013-01-29 12:31 -------- d-----w- c:\program files\Common Files\McAfee
2013-01-29 12:28 . 2013-01-29 14:04 -------- d-----w- c:\program files\McAfee
2013-01-29 12:27 . 2013-01-29 12:31 -------- d-----w- c:\programdata\McAfee
2013-01-29 12:13 . 2013-01-29 12:13 -------- d-----w- c:\windows\system32\Lang
2013-01-29 12:13 . 2009-09-23 10:50 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2013-01-29 12:13 . 2009-09-23 10:49 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2013-01-29 12:13 . 2013-01-29 12:13 -------- d-----w- c:\program files\Intel
2013-01-29 12:10 . 2013-01-29 12:10 -------- d-----w- c:\windows\system32\wbem\en-US
2013-01-29 12:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-29 12:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-29 12:01 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-01-29 11:55 . 2013-01-29 11:55 -------- d-----w- c:\windows\system32\x64
2013-01-29 11:55 . 2009-09-23 18:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2013-01-29 11:43 . 2013-01-29 11:43 -------- d-----w- c:\programdata\Corel
2013-01-29 11:40 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-29 11:40 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-29 11:40 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-29 11:39 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-29 11:39 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-29 11:39 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-29 11:39 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-29 11:39 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-29 11:39 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-29 11:39 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-29 11:39 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-29 11:39 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-29 11:39 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-29 11:36 . 2013-01-29 11:36 63488 ----a-w- c:\windows\system32\tdc.ocx
2013-01-29 11:34 . 2013-01-29 11:34 -------- d-----w- c:\program files\Corel
2013-01-29 11:32 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-01-29 11:31 . 2013-02-14 15:10 -------- d-sh--w- c:\windows\Installer
2013-01-29 11:27 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-01-29 11:23 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-29 11:19 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-01-29 11:16 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-01-29 11:16 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-01-29 11:16 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-01-29 11:16 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-29 11:16 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-01-29 11:16 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-01-29 11:16 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-29 11:15 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-29 11:15 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-29 11:13 . 2013-02-14 06:28 -------- d-----w- c:\users\Administrator
2013-01-29 11:10 . 2013-01-15 01:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6AEAFE-1798-46DF-8EE6-9B78C806352B}\mpengine.dll
2013-01-29 10:41 . 2013-01-29 10:50 -------- d-----w- c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 10:00 . 2010-07-20 04:09 18160 ----a-w- c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
2013-02-06 06:33 . 2013-02-06 06:33 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2012-11-13 480872]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ECtiClient"="c:\program files\ESTOS\ProCall 3\eCtiClient.exe" [2012-02-15 19199304]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-09-28 12105344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"InstHwApi"="c:\program files\McAfee\Managed VirusScan\Agent\myInx.exe" [2012-11-13 345704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Online Plug-in.lnk - c:\windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2013-1-29 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1402010.016\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1402010.016\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx86.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1402010.016\ccSetx86.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD02010.021\ccSetx86.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130216.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1402010.016\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1402010.016\SYMNETS.SYS [x]
S2 EACUSrv;ESTOS Automatic Client Update;c:\windows\system32\EACUSrv.exe [x]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [x]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe [x]
S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe [x]
S2 RumorServer;McAfee Peer Distribution Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-30 06:29]
.
.
------- Zusätzlicher Suchlauf -------
.
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
TCP: Interfaces\{D4127E74-D69B-4768-A57C-2C38E49B03CF}: NameServer = 172.19.176.11,172.19.180.144
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lrbs5bjn.default\
FF - ExtSQL: 2013-01-29 13:38; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files\Common Files\McAfee\SystemCore
FF - ExtSQL: 2013-02-19 12:03; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn
FF - ExtSQL: 2013-02-20 13:55; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.2.1.33\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,3b,1b,58,a1,a1,
14,eb,e9,22,02,94,51,12,2a,bf,8b,a4,7b
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,39,f6,7e,
ab,89,f2,68,03,ab,0f,6f,90,e8,4b,cc,e0
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,3b,1b,b0,ca,a8,
67,7e,21,17,07,ac,86,20,49,f1,5d,16,2e
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e9,
ae,1e,5d,37,00,a0,29,01,f3,01,cf,46,e0
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:2f,46,13,1f,1a,fe,cd,01
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,fe,33,ed,cc,b5,c9,40,af,96,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,fe,33,ed,cc,b5,c9,40,af,96,b7,\
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-20 14:13:32
ComboFix-quarantined-files.txt 2013-02-20 13:13
.
Vor Suchlauf: 7 Verzeichnis(se), 276.012.171.264 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 276.256.591.872 Bytes frei
.
- - End Of File - - FF9A9E7D79087BF8F20049EDE4469C13
|
| | #8 |
| /// Malware-holic | Looks good. Malwarebytes: please download Malwarebytes
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| | #9 |
| Nothing again. Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
**:: ** [limitiert]

21.02.2013 12:09:55
mbam-log-2013-02-21 (12-09-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 153724
Laufzeit: 6 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
| | #10 |
| /// Malware-holic | That is how it should be in the ideal case. Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file. After every program you need, write "necessary". After every program you do not need, write "unnecessary". After every program you do not recognise, write "unknown". Post the list. |
| | #11 |
|
CCleaner Piriform 25.02.2013 3.28 -> needed
Citrix Online Plug-in Citrix Systems, Inc. 29.01.2013 12.3.0.8 -> needed
CorelDRAW(R) Graphics Suite X4 Corel Corporation 29.01.2013 -> needed
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension Corel Corporation 29.01.2013 2,93 MB -> needed
ESTOS ProCall ESTOS 29.01.2013 54,5 MB 3.0.3.989 -> needed
FileZilla Client 3.6.0.2 FileZilla Project 29.01.2013 17,1 MB 3.6.0.2 -> needed
Intel(R) Graphics Media Accelerator Driver Intel Corporation 29.01.2013 54,2 MB 8.15.10.1930 -> needed
Intel(R) TV Wizard Intel Corporation 29.01.2013 -> needed
KeePass Password Safe 2.21 Dominik Reichl 21.02.2013 6,37 MB -> needed
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 21.02.2013 18,4 MB 1.70.0.1100 -> no longer needed
McAfee Browser Protection Service McAfee, Inc. 29.01.2013 6.0.0.339 -> needed
McAfee Firewall Protection Service McAfee, Inc. 29.01.2013 6.0.0.339 -> needed
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 29.01.2013 38,8 MB 4.0.30319 -> needed
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 29.01.2013 2,93 MB 4.0.30319 -> needed
Microsoft Lync 2010 Microsoft Corporation 13.02.2013 74,1 MB 4.0.7577.4356 -> needed
Microsoft Office Professional Plus 2010 Microsoft Corporation 29.01.2013 14.0.6029.1000 -> needed
Microsoft Online Services-Anmelde-Assistent Microsoft Corporation 13.02.2013 3,75 MB 7.250.4122.0 -> needed
Microsoft Silverlight Microsoft Corporation 14.02.2013 40,4 MB 4.1.10329.0 -> needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.02.2013 588 KB 9.0.30729.4148 -> needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14.02.2013 600 KB 9.0.30729.6161 -> needed
Mozilla Firefox 19.0 (x86 de) Mozilla 27.02.2013 44,4 MB 19.0 -> needed
Mozilla Maintenance Service Mozilla 27.02.2013 330 KB 19.0 -> needed
Notepad++ 29.01.2013 6.2.3 -> needed
Outlook Connector for MDaemon Plug-in Alt-N Technologies. Ltd. 29.01.2013 2.3.0 -> needed
PDF24 Creator 5.2.0 PDF24.org 31.01.2013 41,4 MB -> needed
TeamViewer 5 Host TeamViewer GmbH 29.01.2013 5.1.16947 -> needed
WinRAR 4.20 (32-Bit) win.rar GmbH 31.01.2013 4.20.0 -> needed |
| | #12 |
| /// Malware-holic | Looks incomplete; for example, it only starts at "c". |
| | #13 |
| Oops, it didn't pick up the Adobe stuff when I copied...
Adobe Acrobat 9 Standard - English, Français, Deutsch Adobe Systems 25.02.2013 9.0.0
Adobe AIR Adobe Systems Inc. 21.02.2013 1.5.3.9120
Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 21.02.2013 2,42 MB 10.1.52.14
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.02.2013 6,00 MB 11.6.602.171
Adobe Media Player Adobe Systems Incorporated 21.02.2013 1.8 |
| | #14 |
| /// Malware-holic | Uninstall: all Adobe Flash Player versions.
Adobe - Install Adobe Flash Player: download the latest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Untick the box for McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Security (Enhanced): tick Enhanced Security and select all files.
Internet: everything should be disabled here. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because that is the only way to keep control over what happens on the PC.
JavaScript: untick "Use JavaScript".
Updater: choose to install automatically.
Apply / OK.
Uninstall: TeamViewer. I would only install it when needed; if it absolutely has to be on the machine, upgrade to version 8.
Open CCleaner, analyze, run, restart the PC.
Please download |