
Log analysis and evaluation: Google search is redirected to wrong pages.

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

01.01.2013, 17:28   #1
kurzerhh
 



Hello board team,

I wish you a happy, healthy and successful new year.
As it says here in the forum, everyone should open their own post for their trojan, so I'll start.

Google searches are redirected to other pages. I have already installed Malwarebytes, and OTL is on the machine as well.

Log files will follow; the scans are still running.

Many thanks
Kurzer

OTL Extras.log

Code:
OTL Extras logfile created on: 01.01.2013 17:24:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = \\SBS11-AF-01\Firma\Gemeinsame Dateien
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 49,03% Memory free
7,81 Gb Paging File | 5,75 Gb Available in Paging File | 73,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 347,37 Gb Total Space | 300,77 Gb Free Space | 86,58% Space Free | Partition Type: NTFS
 
Computer Name: PC-AF-001 | User Name: master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23331AC9-3F28-45C7-8C33-10324BC92983}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{284D303C-D2A9-4EE6-AEC6-18E830719F92}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{40F719D8-2B6F-4BB2-B0C4-08337FF9C32E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{511EBB56-EA10-4F8F-BC64-BA971A2941EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{55D0693A-1BB2-44ED-8161-7A92B18A1405}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5973D47D-4610-4F84-9A64-F390DE04649E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{66574149-E8C2-4C08-95A0-DC3E1B4E2CDB}" = lport=49153 | protocol=17 | dir=in | name=lancapi | 
"{810348C3-7DDD-4F76-BBAE-EBFF6938D89C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{93E6C5C2-A77A-4D96-B995-D24E20F971C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{98AE1E1E-F771-40E9-B5DB-9F8B98685704}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9CA66BFF-2587-42C0-8611-4719F1BC6F42}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BEA395A0-185D-4574-8AB6-236C86E1F295}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DFAB48CD-023E-45D8-A17F-FCF751547425}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4B6BC71-AEF2-4FFC-AEF9-AC973E287478}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F6046F96-2493-4821-9A8D-DF4520F3CBD9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F06056B-D50A-45BD-9F06-E082847DC6DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{38C5AF5C-19A2-45AB-B593-372CE5B8207A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | 
"{45549A39-3305-48BA-8A03-6CC3EA003B29}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | 
"{493A9E38-5ED8-4D9B-AC05-C6E09809FB79}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | 
"{4D6C823F-6A31-4CB7-8A7A-DA0084A74F3D}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | 
"{5B54D2DE-0FF2-495F-B9AF-C438199F62F3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{5F10FABA-0354-4D6B-B430-6DBD4D740F82}" = protocol=6 | dir=in | app=\\sbs11-af-01\starmoney business 5.0 deutsche bank edition\ouservice\starmoneyonlineupdate.exe | 
"{6BA1D22B-830B-41E0-B810-2242AB26311D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{735CC61D-6637-4D1F-B6B3-67E1C4334F3F}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | 
"{74837FC4-5C22-4803-B010-CACA3604C2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | 
"{81A7F7FB-A255-4BBC-84F2-6962F0BBBAAB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{847349B5-B9BE-49DD-BC77-84C99EB5A716}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{84F2E98A-FF3B-4CDF-BD2A-76BF77887D94}" = protocol=17 | dir=in | app=\\sbs11-af-01\starmoney business 5.0 deutsche bank edition\app\starmoney.exe | 
"{85BC8B8A-BB0E-4005-B12B-14036099EFD6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9CF32083-A30C-4ADE-926E-3C472823B4FC}" = protocol=6 | dir=in | app=\\sbs11-af-01\starmoney business 5.0 deutsche bank edition\app\starmoney.exe | 
"{A5D1E6EC-C86F-4C72-A107-0BF985DAF45D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A9FBDCC0-81CD-4A4B-BBA7-467F557F9194}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{AFA4BA1E-D64B-479C-95EB-168DCD857A9C}" = protocol=17 | dir=in | app=\\sbs11-af-01\starmoney business 5.0 deutsche bank edition\ouservice\starmoneyonlineupdate.exe | 
"{D1453702-35A2-4671-A93E-19C1F5A1C3C6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{D6D60AD2-5EBF-4A02-AED1-7A2E424171A2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"TCP Query User{2D80FD77-4DF5-4143-B818-D9273E158E65}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | 
"UDP Query User{D0491183-0933-418F-88F9-586B50EADA5F}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A3B22D6-4932-4920-B7D3-7D17D36E9BA4}" = Microsoft SQL Server 2005-Abwärtskompatibilität
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AAD74846-0637-4DAE-BF0C-7B66D3304F87}" = Symantec Endpoint Protection Small Business Edition
"{C1E4D639-4A33-4314-809E-89BD0EF48522}" = Windows Small Business Server 2011 Connector
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4
"{EEF9C83C-5D22-4BB8-8453-0F4F5F2328D2}" = Nitro Pro 7
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406
"CapiModm" = CAPI Faxmodem
"LcsCapi" = LANCAPI
"LcsNdisWan" = LANCAPI DFÜ-Netzwerk Unterstützung
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{29C7C827-D527-4CBE-9003-CBD6E2634727}" = Wildeboer Bauteile Dimensionierung
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40EF8EA6-8FC5-49CA-9C08-CC2AAF664238}" = StarMoney Business 5.0 Deutsche Bank Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A11D2FE-62A1-4588-9F16-8DB3993EBDB1}" = Air Humid Handling
"{5B12C1F2-A0BC-40E8-97F8-A4854C5F494E}" = StarMoney
"{6020E187-FF3D-41A3-999B-412CF16EB9A9}" = Sage Handwerk Setup-Requirements
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7895E7FF-C210-4C01-88EB-8B902140B22D}" = StarMoney
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BE046242-BA39-4382-B039-A8B8284E01B5}" = Sage HWP 2012
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"DeskUpdate_is1" = DeskUpdate 4.11
"Google Chrome" = Google Chrome
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"TeamViewer 6 Host" = TeamViewer 6 Host
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Xpress" = Xpress
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.12.2012 02:53:50 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.12.2012 03:03:45 | Computer Name = PC-AF-001.Airfit.local | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 04.12.2012 10:56:32 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.12.2012 03:00:49 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.12.2012 03:03:34 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.12.2012 03:12:32 | Computer Name = PC-AF-001.Airfit.local | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 13.12.2012 04:06:59 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.12.2012 02:55:18 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.12.2012 03:30:20 | Computer Name = PC-AF-001.Airfit.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Handwerk.exe, Version: 5.1.2.63, 
Zeitstempel: 0x4f8eaaff  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x1701e002  ID des fehlerhaften
 Prozesses: 0xe68  Startzeit der fehlerhaften Anwendung: 0x01cddc27e84df908  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Sage\Handwerk\Handwerk.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 9c5860f1-481b-11e2-b7ba-00a05707c5c0
 
Error - 17.12.2012 05:59:27 | Computer Name = PC-AF-001.Airfit.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0x11d4  Startzeit der fehlerhaften Anwendung: 0x01cddc3a6e7b863c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 71176e65-4830-11e2-b7ba-00a05707c5c0
 
[ System Events ]
Error - 05.10.2012 10:20:30 | Computer Name = PC-AF-001.Airfit.local | Source = UmrdpService | ID = 1111
Description = Der für den Drucker PDF24 PDF erforderliche Treiber PDF24 PDF ist 
unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren,
 bevor Sie sich erneut anmelden.
 
Error - 21.10.2012 06:40:44 | Computer Name = PC-AF-001.Airfit.local | Source = TermDD | ID = 655416
Description = 
 
Error - 22.10.2012 03:15:21 | Computer Name = PC-AF-001.Airfit.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne HAMBURG aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 15.11.2012 03:47:10 | Computer Name = PC-AF-001.Airfit.local | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0902 fehlgeschlagen: Update für Kernelmodustreiber-Framework Version
 1.11 für Windows 7 für x64-basierte Systeme (KB2685811)
 
Error - 15.11.2012 04:03:59 | Computer Name = PC-AF-001.Airfit.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne HAMBURG aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 10.12.2012 04:03:07 | Computer Name = PC-AF-001.Airfit.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne HAMBURG aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 19.12.2012 06:30:56 | Computer Name = PC-AF-001.Airfit.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne HAMBURG aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 19.12.2012 16:30:53 | Computer Name = PC-AF-001.Airfit.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne HAMBURG aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies
 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer
 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn
 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 
Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 19.12.2012 18:34:43 | Computer Name = PC-AF-001.Airfit.local | Source = SMSvcHost 4.0.0.0 | ID = 262152
Description = An error occurred while dispatching a duplicated socket: this handle
 is now leaked in the process.   ID: 2232   Source: System.ServiceModel.Activation.TcpWorkerProcess/59088883

Exception:
 System.ServiceModel.ServiceActivationException: An error occurred while duplicating
 a socket. See inner exception for more information. ---> System.Net.Sockets.SocketException:
 Ein ungültiges Argument wurde angegeben     at System.Net.Sockets.Socket.DuplicateAndClose(Int32
 targetProcessId)     at System.ServiceModel.Channels.SocketConnection.DuplicateAndClose(Int32
 targetProcessId)     at System.ServiceModel.Activation.TcpWorkerProcess.DuplicateConnection(ListenerSessionConnection
 session)     --- End of inner exception stack trace ---     at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult
 result)     at System.ServiceModel.Activation.WorkerProcess.EndDispatchSession(IAsyncResult
 result)    Process Name: SMSvcHost   Process ID: 2012 
 
Error - 29.12.2012 09:29:43 | Computer Name = PC-AF-001.Airfit.local | Source = Microsoft-Windows-GroupPolicy | ID = 1054
Description = Fehler beim Verarbeiten der Gruppenrichtlinie. Der Name eines Domänencontrollers
 konnte nicht abgerufen werden. Dies kann auf einen Fehler bei der Namensauflösung
 zurückzuführen sein. Überprüfen Sie, ob DNS (Domain Name System) konfiguriert ist
 und richtig ausgeführt wird.
 
[ WSSG Events ]
Error - 31.12.2012 03:48:11 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich.   Grund: ServerUnreachable,
 System.String[]
 
Error - 31.12.2012 05:53:20 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich.   Grund: ServerUnreachable,
 System.String[]
 
Error - 31.12.2012 09:48:10 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich.   Grund: ServerUnreachable,
 System.String[]
 
Error - 31.12.2012 11:53:20 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich.   Grund: ServerUnreachable,
 System.String[]
 
Error - 31.12.2012 15:48:09 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich.   Grund: ServerUnreachable,
 System.String[]
 
Error - 31.12.2012 17:53:19 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich.   Grund: ServerUnreachable,
 System.String[]
 
Error - 31.12.2012 21:48:08 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich.   Grund: ServerUnreachable,
 System.String[]
 
Error - 31.12.2012 23:53:17 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich.   Grund: ServerUnreachable,
 System.String[]
 
Error - 01.01.2013 03:48:07 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich.   Grund: ServerUnreachable,
 System.String[]
 
Error - 01.01.2013 05:53:18 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich.   Grund: ServerUnreachable,
 System.String[]
 
 
< End of report >
         
OTL.log

Code:
OTL logfile created on: 01.01.2013 17:24:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = \\SBS11-AF-01\Firma\Gemeinsame Dateien
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 49,03% Memory free
7,81 Gb Paging File | 5,75 Gb Available in Paging File | 73,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 347,37 Gb Total Space | 300,77 Gb Free Space | 86,58% Space Free | Partition Type: NTFS
 
Computer Name: PC-AF-001 | User Name: master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - \\SBS11-AF-01\Firma\Gemeinsame Dateien\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - c:\program files (x86)\teamviewer\version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\program files (x86)\teamviewer\version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe (Sage Software)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NitroDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (ServiceProviderRegistry) -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe (Microsoft Corporation)
SRV:64bit: - (LcsFwTool) -- C:\Program Files\LANCOM\LANCAPI\fwtool.exe (LANCOM Systems GmbH, Würselen (Germany))
SRV:64bit: - (LANConfig) -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe (Microsoft Corporation)
SRV:64bit: - (WSS_ComputerBackupProviderSvc) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation)
SRV:64bit: - (SqmProviderSvc) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation)
SRV:64bit: - (providers_system) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation)
SRV:64bit: - (NotificationsProviderSvc) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation)
SRV:64bit: - (initMonitor) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation)
SRV:64bit: - (HealthAlertsSvc) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation)
SRV:64bit: - (WSConnectorUpdate) -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SageDeploymentService) -- C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe (Sage Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (LcsCapiDrv) -- C:\Windows\SysNative\drivers\rcapi.sys (LANCOM Systems)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BackupReader) -- C:\Windows\SysNative\drivers\BackupReader.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LCSWAN) -- C:\Windows\SysNative\drivers\lcswan.sys (LANCOM Systems)
DRV:64bit: - (LcsCapiMdm) -- C:\Windows\SysNative\drivers\vmdmd.sys (LANCOM Systems)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121231.020\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121231.020\eng64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C4795816-9508-4EB5-BC83-A993A381F673}
IE:64bit: - HKLM\..\SearchScopes\{C4795816-9508-4EB5-BC83-A993A381F673}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {C4795816-9508-4EB5-BC83-A993A381F673}
IE - HKLM\..\SearchScopes\{C4795816-9508-4EB5-BC83-A993A381F673}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\..\SearchScopes,DefaultScope = {C4795816-9508-4EB5-BC83-A993A381F673}
IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com
IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\master.HAMBURG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\master.HAMBURG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\master.HAMBURG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\master.HAMBURG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launchpad] C:\Program Files\Windows Server\Bin\Launchpad.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [SMB50StarMoneyRunEntry] X:\app\oflagent.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2657049114-1421870595-21446388-1111..\Run: [LANCAPI] C:\Program Files\LANCOM\LANCAPI\rcapi.exe (LANCOM Systems GmbH, Würselen (Germany))
O4 - HKU\S-1-5-21-2657049114-1421870595-21446388-1114..\Run: [Fidtimkr] C:\Users\wommelsdorff\AppData\Roaming\docprop6.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O4 - Startup: C:\Users\wommelsdorff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LANCAPI.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: SBS11-AF-01 ([]file in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.40.5 217.237.150.205
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Airfit.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C867445C-FF5B-46F2-B105-718EB610EDFD}: DhcpNameServer = 192.168.40.5 217.237.150.205
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f060dbcd-8bd5-11e1-a211-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f060dbcd-8bd5-11e1-a211-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.29 15:36:25 | 000,000,000 | ---D | C] -- C:\Users\master.HAMBURG\AppData\Local\Microsoft_Corporation
[2012.12.29 14:36:49 | 000,000,000 | ---D | C] -- C:\Users\master.HAMBURG\AppData\Local\Programs
[2012.12.21 15:55:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.12.21 15:55:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.12.21 15:55:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.12.21 15:55:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.12.21 15:55:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012.12.21 15:55:05 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.12.21 15:55:03 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.12.21 15:55:03 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.12.21 15:55:03 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.12.21 15:55:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.12.21 15:55:03 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.12.21 15:55:03 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.12.21 15:55:03 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.12.21 15:55:03 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.12.21 15:55:03 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.12.21 15:55:03 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.12.21 15:55:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.12.21 15:55:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.12.21 15:55:03 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.12.21 15:55:03 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.12.21 15:55:02 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.12.21 15:55:02 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.12.21 15:55:02 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.12.21 15:55:02 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.12.21 15:55:02 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.12.21 15:54:38 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 15:54:38 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 15:54:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.21 15:54:37 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.21 15:54:14 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.12.21 15:54:14 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.12.21 15:54:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.12.21 15:54:06 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.12.21 15:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.21 15:48:39 | 000,000,000 | ---D | C] -- C:\Users\master.HAMBURG\AppData\Local\Google
[2012.12.19 19:51:29 | 000,000,000 | ---D | C] -- C:\Users\master.HAMBURG\AppData\Roaming\Malwarebytes
[2012.12.19 19:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.19 19:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.19 19:51:13 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.19 19:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.13 08:46:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.13 08:46:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.13 08:46:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.13 08:46:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.13 08:46:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.13 08:46:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.13 08:46:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.13 08:46:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.13 08:46:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.13 08:46:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.13 08:46:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.13 08:46:06 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.13 08:46:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.13 08:46:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.13 08:46:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.11 22:43:31 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.11 22:43:31 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.11 22:43:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.11 22:43:31 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.11 22:43:30 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.11 22:43:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.11 22:43:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.11 22:43:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.11 22:43:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.11 22:43:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.11 22:43:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.11 22:43:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 22:43:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 22:43:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 22:43:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 22:43:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.11 22:43:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 22:43:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.11 22:42:53 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.11 22:42:53 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.01 17:07:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.01 16:53:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.01 16:41:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.01 16:40:09 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.01 16:40:09 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.01 16:37:00 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.01 16:37:00 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.01 16:37:00 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.01 16:37:00 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.01 16:37:00 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.01 16:32:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.01 16:31:47 | 3146,059,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.29 17:53:17 | 000,002,155 | ---- | M] () -- \\SBS11-AF-01\Benutzer\master\Desktop\Google Chrome.lnk
[2012.12.29 14:42:04 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.12.29 14:42:03 | 000,000,008 | RHS- | M] () -- C:\Users\master.HAMBURG\ntuser.pol
[2012.12.29 14:37:04 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 11:40:05 | 000,002,959 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 08:07:47 | 000,346,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.12 10:07:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 10:07:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.12.29 17:53:17 | 000,002,155 | ---- | C] () -- \\SBS11-AF-01\Benutzer\master\Desktop\Google Chrome.lnk
[2012.12.29 14:42:04 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.12.28 11:40:05 | 000,002,959 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.21 15:48:40 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.21 15:48:40 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.19 19:51:14 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 07:21:22 | 000,004,910 | ---- | C] () -- C:\ProgramData\uvhsaztn.njk
[2012.05.15 07:21:22 | 000,000,000 | ---- | C] () -- C:\ProgramData\3769320754
[2012.05.14 08:52:02 | 000,004,910 | ---- | C] () -- C:\ProgramData\tvhsaztn.njk
[2012.04.23 11:51:53 | 000,000,008 | RHS- | C] () -- C:\Users\master.HAMBURG\ntuser.pol
[2012.04.21 20:24:04 | 000,003,086 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.04.04 08:41:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.04.04 08:41:07 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.04.04 08:41:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.12 10:47:01 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2011.04.15 06:37:26 | 005,045,666 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.05 13:19:48 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Fujitsu Launch Center
[2012.04.21 09:52:58 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\Fujitsu Launch Center
[2012.04.23 11:52:33 | 000,000,000 | ---D | M] -- C:\Users\master.HAMBURG\AppData\Roaming\Fujitsu Launch Center
[2012.09.14 10:03:43 | 000,000,000 | ---D | M] -- C:\Users\wommelsdorff\AppData\Roaming\Downloaded Installations
[2012.04.21 20:25:08 | 000,000,000 | ---D | M] -- C:\Users\wommelsdorff\AppData\Roaming\Fujitsu Launch Center
[2012.06.13 10:48:37 | 000,000,000 | ---D | M] -- C:\Users\wommelsdorff\AppData\Roaming\Handwerk
[2012.12.28 08:55:29 | 000,000,000 | ---D | M] -- C:\Users\wommelsdorff\AppData\Roaming\Nitro PDF
 
========== Purity Check ==========
 
 

< End of report >
         
Malwarebytes log

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
master :: PC-AF-001 [Administrator]

01.01.2013 17:34:46
mbam-log-2013-01-01 (17-34-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 371128
Laufzeit: 26 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

02.01.2013, 16:04   #2
markusg
/// Malware-holic

Google search is redirected to the wrong pages.

Hi,

This script and any scripts that may follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe.
• Now copy the following into the text box.


Code:
:OTL
O4 - HKU\S-1-5-21-2657049114-1421870595-21446388-1114..\Run: [Fidtimkr] C:\Users\wommelsdorff\AppData\Roaming\docprop6.dll ()
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.

Download GetInfo:
http://markusg.trojaner-board.de/GetInfo.exe
Double-click the .exe.
A .txt file will now be created in the same folder:
summary-info.txt
Double-click it and post its contents.

Question:
At the time of infection, or possibly a day before, did you download and install or run anything?
Were you prompted to install or download something while visiting a site? I would also like this information as a private message.
__________________

__________________
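The fix script in the post above targets a Run value that loads a DLL with an empty company field `()` from a user's AppData\Roaming folder. As an added example (not part of the thread and not OTL's own logic), the Python below parses the two OTL line formats seen in these logs and lists entries that combine an empty company field, a user-writable directory and an executable or script extension. The extension set, the directory markers and all function names are assumptions of this sketch, the sample lines are copied from the logs on this page, and a hit means "review manually", not a verdict.

```python
import ntpath
import re
from typing import List, NamedTuple


class Entry(NamedTuple):
    source: str   # "autorun" (O4 line) or "file" (file-listing line)
    name: str     # Run value name; empty for file listings
    company: str  # text inside the parentheses; empty when OTL found none
    path: str


# O4 - <key>: [<value name>] <unquoted path> (<company>)
O4_RE = re.compile(
    r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?\.\w{1,5}) \((?P<company>.*)\)$"
)
# [<date time> | <size> | <attrs> | C or M] (<company>) -- <path>
FILE_RE = re.compile(
    r"^\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [-A-Z]{4} \| [CM]\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Assumptions of this sketch, not an OTL rule set.
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".js", ".jse",
             ".vbs", ".vbe", ".wsf"}
USER_WRITABLE = ("\\appdata\\", ":\\programdata\\", "\\temp\\", "\\users\\public\\")


def parse_otl(text: str) -> List[Entry]:
    """Extract autorun and file-listing entries; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(Entry("autorun", m["name"], m["company"].strip(), m["path"]))
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append(Entry("file", "", m["company"].strip(), m["path"].strip()))
    return entries


def needs_review(e: Entry) -> bool:
    """Empty company + executable/script extension + user-writable location."""
    p = e.path.lower()
    return (
        e.company == ""
        and ntpath.splitext(p)[1] in EXEC_EXTS
        and any(marker in p for marker in USER_WRITABLE)
    )


def triage(text: str) -> List[Entry]:
    """Return entries to review, autoruns first, one row per source and path."""
    seen, hits = set(), []
    for e in parse_otl(text):
        key = (e.source, e.path.lower())
        if needs_review(e) and key not in seen:
            seen.add(key)
            hits.append(e)
    return sorted(hits, key=lambda e: e.source != "autorun")


# Lines copied from the OTL output and fix script on this page.
SAMPLE = r"""
O4 - HKU\S-1-5-21-2657049114-1421870595-21446388-1114..\Run: [Fidtimkr] C:\Users\wommelsdorff\AppData\Roaming\docprop6.dll ()
[2012.12.28 11:40:05 | 000,002,959 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.21 15:48:40 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.15 07:21:22 | 000,004,910 | ---- | C] () -- C:\ProgramData\uvhsaztn.njk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.08.12 10:47:01 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2012.12.28 08:55:29 | 000,000,000 | ---D | M] -- C:\Users\wommelsdorff\AppData\Roaming\Nitro PDF
"""

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        label = f"[{entry.name}] " if entry.name else ""
        print(f"{entry.source:8} {label}{entry.path}")
```

The O4 pattern only handles the unquoted, argument-free path form that appears in this thread.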

03.01.2013, 20:44   #3
kurzerhh

Google search is redirected to the wrong pages.

Here is the log.

The upload worked.

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2657049114-1421870595-21446388-1114\Software\Microsoft\Windows\CurrentVersion\Run\\Fidtimkr deleted successfully.
C:\Users\wommelsdorff\AppData\Roaming\docprop6.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: install
 
User: master
->Flash cache emptied: 456 bytes
 
User: master.HAMBURG
->Flash cache emptied: 470 bytes
 
User: Public
 
User: wommelsdorff
->Flash cache emptied: 506 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: install
->Temp folder emptied: 983532 bytes
->Temporary Internet Files folder emptied: 1624884 bytes
 
User: master
->Temp folder emptied: 2132554 bytes
->Temporary Internet Files folder emptied: 13838943 bytes
->Flash cache emptied: 0 bytes
 
User: master.HAMBURG
->Temp folder emptied: 4714674 bytes
->Temporary Internet Files folder emptied: 1517370 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: wommelsdorff
->Temp folder emptied: 23312164 bytes
->Temporary Internet Files folder emptied: 61792970 bytes
->Java cache emptied: 3834443 bytes
->Google Chrome cache emptied: 26351326 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8046 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 134,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01022013_195914
         
Getinfo

Code:
System volume information:	 dwHighDateTime = 0x1cbfae0,dwLowDateTime = 0xcc468ee0
System32:			 dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0x5c957121
         
Hello board team,

the error no longer occurs. Many thanks already for your help.
If there is nothing more I need to do, this thread can be closed.

Regards
Kurzerhh
__________________

03.01.2013, 20:55   #4
markusg
/// Malware-holic

Google search is redirected to the wrong pages.

Please still answer the question from above, and we still have work to do.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

03.01.2013, 21:58   #5
kurzerhh

Google search is redirected to the wrong pages.

Unfortunately I never get an answer to those questions.
This is a friend's computer.

What I do know is that the user has no admin rights, and that the Windows updates are normally carried out weekly.

But I keep being told, "I didn't do anything and I wasn't on any such sites either."
Funny, though, that everyone always knows how to delete the history.

So unfortunately I can't help any further here.

Still waiting for instructions.


Regards, Kurzerhh


05.01.2013, 18:32   #6
markusg
/// Malware-holic

Google search is redirected to the wrong pages.

Hi,
that's just how it is :d
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, and post the log.

05.01.2013, 19:33   #7
kurzerhh

Google search is redirected to the wrong pages.



TDSS Killer


Code:
19:31:34.0612 6736  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:31:35.0220 6736  ============================================================
19:31:35.0220 6736  Current date / time: 2013/01/05 19:31:35.0220
19:31:35.0220 6736  SystemInfo:
19:31:35.0220 6736  
19:31:35.0220 6736  OS Version: 6.1.7601 ServicePack: 1.0
19:31:35.0220 6736  Product type: Workstation
19:31:35.0220 6736  ComputerName: PC-AF-001
19:31:35.0220 6736  UserName: master
19:31:35.0220 6736  Windows directory: C:\Windows
19:31:35.0220 6736  System windows directory: C:\Windows
19:31:35.0220 6736  Running under WOW64
19:31:35.0220 6736  Processor architecture: Intel x64
19:31:35.0220 6736  Number of processors: 2
19:31:35.0220 6736  Page size: 0x1000
19:31:35.0220 6736  Boot type: Normal boot
19:31:35.0220 6736  ============================================================
19:31:35.0766 6736  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:31:35.0766 6736  ============================================================
19:31:35.0766 6736  \Device\Harddisk0\DR0:
19:31:35.0766 6736  MBR partitions:
19:31:35.0782 6736  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x402000, BlocksNum 0x2B6BF000
19:31:35.0829 6736  ============================================================
19:31:35.0875 6736  C: <-> \Device\Harddisk0\DR0\Partition1
19:31:35.0875 6736  ============================================================
19:31:35.0875 6736  Initialize success
19:31:35.0875 6736  ============================================================
19:31:44.0549 1344  ============================================================
19:31:44.0549 1344  Scan started
19:31:44.0549 1344  Mode: Manual; SigCheck; TDLFS; 
19:31:44.0549 1344  ============================================================
19:31:45.0188 1344  ================ Scan system memory ========================
19:31:45.0188 1344  System memory - ok
19:31:45.0188 1344  ================ Scan services =============================
19:31:45.0344 1344  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:31:45.0407 1344  1394ohci - ok
19:31:45.0422 1344  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:31:45.0438 1344  ACPI - ok
19:31:45.0454 1344  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:31:45.0516 1344  AcpiPmi - ok
19:31:45.0610 1344  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:31:45.0641 1344  AdobeARMservice - ok
19:31:45.0734 1344  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:31:45.0781 1344  AdobeFlashPlayerUpdateSvc - ok
19:31:45.0812 1344  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:31:45.0844 1344  adp94xx - ok
19:31:45.0875 1344  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:31:45.0906 1344  adpahci - ok
19:31:45.0953 1344  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:31:45.0984 1344  adpu320 - ok
19:31:46.0015 1344  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:31:46.0093 1344  AeLookupSvc - ok
19:31:46.0140 1344  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:31:46.0187 1344  AFD - ok
19:31:46.0202 1344  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:31:46.0234 1344  agp440 - ok
19:31:46.0249 1344  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:31:46.0280 1344  ALG - ok
19:31:46.0296 1344  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:31:46.0312 1344  aliide - ok
19:31:46.0327 1344  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:31:46.0343 1344  amdide - ok
19:31:46.0390 1344  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:31:46.0421 1344  AmdK8 - ok
19:31:46.0452 1344  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:31:46.0483 1344  AmdPPM - ok
19:31:46.0514 1344  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:31:46.0546 1344  amdsata - ok
19:31:46.0577 1344  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:31:46.0592 1344  amdsbs - ok
19:31:46.0624 1344  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:31:46.0639 1344  amdxata - ok
19:31:46.0655 1344  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:31:46.0702 1344  AppID - ok
19:31:46.0717 1344  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:31:46.0764 1344  AppIDSvc - ok
19:31:46.0780 1344  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:31:46.0842 1344  Appinfo - ok
19:31:46.0858 1344  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:31:46.0889 1344  AppMgmt - ok
19:31:46.0904 1344  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:31:46.0936 1344  arc - ok
19:31:46.0967 1344  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:31:46.0982 1344  arcsas - ok
19:31:47.0045 1344  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:31:47.0092 1344  aspnet_state - ok
19:31:47.0092 1344  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:31:47.0170 1344  AsyncMac - ok
19:31:47.0201 1344  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:31:47.0232 1344  atapi - ok
19:31:47.0263 1344  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:31:47.0341 1344  AudioEndpointBuilder - ok
19:31:47.0341 1344  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:31:47.0372 1344  AudioSrv - ok
19:31:47.0419 1344  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:31:47.0466 1344  AxInstSV - ok
19:31:47.0528 1344  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:31:47.0575 1344  b06bdrv - ok
19:31:47.0606 1344  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:31:47.0638 1344  b57nd60a - ok
19:31:47.0653 1344  [ 7729395761F4061A643B573BF7F19AA8 ] BackupReader    C:\Windows\system32\DRIVERS\BackupReader.sys
19:31:47.0669 1344  BackupReader - ok
19:31:47.0700 1344  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:31:47.0731 1344  BDESVC - ok
19:31:47.0747 1344  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:31:47.0794 1344  Beep - ok
19:31:47.0840 1344  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:31:47.0918 1344  BFE - ok
19:31:47.0965 1344  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:31:48.0043 1344  BITS - ok
19:31:48.0074 1344  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:31:48.0106 1344  blbdrive - ok
19:31:48.0121 1344  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:31:48.0168 1344  bowser - ok
19:31:48.0184 1344  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:31:48.0215 1344  BrFiltLo - ok
19:31:48.0230 1344  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:31:48.0262 1344  BrFiltUp - ok
19:31:48.0277 1344  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:31:48.0324 1344  Browser - ok
19:31:48.0340 1344  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:31:48.0386 1344  Brserid - ok
19:31:48.0386 1344  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:31:48.0418 1344  BrSerWdm - ok
19:31:48.0433 1344  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:31:48.0464 1344  BrUsbMdm - ok
19:31:48.0480 1344  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:31:48.0496 1344  BrUsbSer - ok
19:31:48.0511 1344  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:31:48.0527 1344  BTHMODEM - ok
19:31:48.0542 1344  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:31:48.0589 1344  bthserv - ok
19:31:48.0652 1344  [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr        C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
19:31:48.0667 1344  ccEvtMgr - ok
19:31:48.0667 1344  [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr        C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
19:31:48.0683 1344  ccSetMgr - ok
19:31:48.0698 1344  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:31:48.0730 1344  cdfs - ok
19:31:48.0745 1344  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:31:48.0776 1344  cdrom - ok
19:31:48.0792 1344  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:31:48.0839 1344  CertPropSvc - ok
19:31:48.0854 1344  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:31:48.0870 1344  circlass - ok
19:31:48.0886 1344  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:31:48.0917 1344  CLFS - ok
19:31:48.0948 1344  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:31:48.0995 1344  clr_optimization_v2.0.50727_32 - ok
19:31:49.0010 1344  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:31:49.0026 1344  clr_optimization_v2.0.50727_64 - ok
19:31:49.0088 1344  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:31:49.0135 1344  clr_optimization_v4.0.30319_32 - ok
19:31:49.0135 1344  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:31:49.0166 1344  clr_optimization_v4.0.30319_64 - ok
19:31:49.0198 1344  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:31:49.0229 1344  CmBatt - ok
19:31:49.0244 1344  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:31:49.0260 1344  cmdide - ok
19:31:49.0291 1344  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:31:49.0322 1344  CNG - ok
19:31:49.0338 1344  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:31:49.0354 1344  Compbatt - ok
19:31:49.0385 1344  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:31:49.0416 1344  CompositeBus - ok
19:31:49.0432 1344  COMSysApp - ok
19:31:49.0447 1344  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:31:49.0463 1344  crcdisk - ok
19:31:49.0494 1344  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:31:49.0541 1344  CryptSvc - ok
19:31:49.0556 1344  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
19:31:49.0603 1344  CSC - ok
19:31:49.0619 1344  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
19:31:49.0666 1344  CscService - ok
19:31:49.0681 1344  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:31:49.0728 1344  DcomLaunch - ok
19:31:49.0759 1344  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:31:49.0806 1344  defragsvc - ok
19:31:49.0822 1344  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:31:49.0884 1344  DfsC - ok
19:31:49.0900 1344  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:31:49.0962 1344  Dhcp - ok
19:31:49.0978 1344  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:31:50.0024 1344  discache - ok
19:31:50.0071 1344  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:31:50.0071 1344  Disk - ok
19:31:50.0102 1344  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
19:31:50.0149 1344  dmvsc - ok
19:31:50.0165 1344  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:31:50.0212 1344  Dnscache - ok
19:31:50.0227 1344  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:31:50.0274 1344  dot3svc - ok
19:31:50.0290 1344  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:31:50.0336 1344  DPS - ok
19:31:50.0368 1344  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:31:50.0399 1344  drmkaud - ok
19:31:50.0414 1344  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:31:50.0446 1344  DXGKrnl - ok
19:31:50.0492 1344  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:31:50.0570 1344  EapHost - ok
19:31:50.0633 1344  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:31:50.0726 1344  ebdrv - ok
19:31:50.0773 1344  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:31:50.0804 1344  eeCtrl - ok
19:31:50.0851 1344  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:31:50.0882 1344  EFS - ok
19:31:50.0929 1344  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:31:50.0976 1344  ehRecvr - ok
19:31:50.0992 1344  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:31:51.0038 1344  ehSched - ok
19:31:51.0054 1344  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:31:51.0101 1344  elxstor - ok
19:31:51.0116 1344  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:31:51.0132 1344  EraserUtilRebootDrv - ok
19:31:51.0148 1344  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:31:51.0179 1344  ErrDev - ok
19:31:51.0210 1344  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:31:51.0257 1344  EventSystem - ok
19:31:51.0272 1344  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:31:51.0319 1344  exfat - ok
19:31:51.0335 1344  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:31:51.0381 1344  fastfat - ok
19:31:51.0413 1344  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:31:51.0475 1344  Fax - ok
19:31:51.0491 1344  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:31:51.0522 1344  fdc - ok
19:31:51.0537 1344  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:31:51.0584 1344  fdPHost - ok
19:31:51.0600 1344  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:31:51.0647 1344  FDResPub - ok
19:31:51.0662 1344  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:31:51.0662 1344  FileInfo - ok
19:31:51.0678 1344  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:31:51.0725 1344  Filetrace - ok
19:31:51.0740 1344  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:31:51.0756 1344  flpydisk - ok
19:31:51.0787 1344  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:31:51.0818 1344  FltMgr - ok
19:31:51.0849 1344  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
19:31:51.0912 1344  FontCache - ok
19:31:51.0959 1344  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:31:51.0974 1344  FontCache3.0.0.0 - ok
19:31:52.0005 1344  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:31:52.0021 1344  FsDepends - ok
19:31:52.0052 1344  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:31:52.0068 1344  Fs_Rec - ok
19:31:52.0099 1344  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:31:52.0115 1344  fvevol - ok
19:31:52.0146 1344  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:31:52.0161 1344  gagp30kx - ok
19:31:52.0193 1344  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:31:52.0239 1344  gpsvc - ok
19:31:52.0302 1344  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:31:52.0333 1344  gupdate - ok
19:31:52.0333 1344  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:31:52.0364 1344  gupdatem - ok
19:31:52.0380 1344  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:31:52.0411 1344  hcw85cir - ok
19:31:52.0427 1344  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:31:52.0473 1344  HdAudAddService - ok
19:31:52.0489 1344  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:31:52.0505 1344  HDAudBus - ok
19:31:52.0551 1344  [ D319A833EC173AD83C67885B3ED6C71C ] HealthAlertsSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
19:31:52.0583 1344  HealthAlertsSvc - ok
19:31:52.0583 1344  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:31:52.0629 1344  HidBatt - ok
19:31:52.0645 1344  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:31:52.0676 1344  HidBth - ok
19:31:52.0692 1344  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:31:52.0707 1344  HidIr - ok
19:31:52.0723 1344  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:31:52.0770 1344  hidserv - ok
19:31:52.0785 1344  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
19:31:52.0801 1344  HidUsb - ok
19:31:52.0832 1344  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:31:52.0863 1344  hkmsvc - ok
19:31:52.0879 1344  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:31:52.0941 1344  HomeGroupListener - ok
19:31:52.0973 1344  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:31:53.0004 1344  HomeGroupProvider - ok
19:31:53.0035 1344  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:31:53.0051 1344  HpSAMD - ok
19:31:53.0082 1344  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:31:53.0129 1344  HTTP - ok
19:31:53.0144 1344  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:31:53.0160 1344  hwpolicy - ok
19:31:53.0175 1344  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:31:53.0191 1344  i8042prt - ok
19:31:53.0207 1344  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
19:31:53.0222 1344  iaStor - ok
19:31:53.0253 1344  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:31:53.0269 1344  iaStorV - ok
19:31:53.0316 1344  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:31:53.0347 1344  idsvc - ok
19:31:53.0519 1344  [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:31:53.0784 1344  igfx - ok
19:31:53.0799 1344  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:31:53.0831 1344  iirsp - ok
19:31:53.0846 1344  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:31:53.0909 1344  IKEEXT - ok
19:31:53.0940 1344  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\drivers\Impcd.sys
19:31:53.0987 1344  Impcd - ok
19:31:53.0987 1344  [ D319A833EC173AD83C67885B3ED6C71C ] initMonitor     C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
19:31:54.0002 1344  initMonitor - ok
19:31:54.0065 1344  [ 0B21B66574E5478FA10CCA2D36694C2D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:31:54.0143 1344  IntcAzAudAddService - ok
19:31:54.0158 1344  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
19:31:54.0205 1344  IntcDAud - ok
19:31:54.0221 1344  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:31:54.0236 1344  intelide - ok
19:31:54.0267 1344  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:31:54.0299 1344  intelppm - ok
19:31:54.0314 1344  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:31:54.0361 1344  IPBusEnum - ok
19:31:54.0377 1344  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:31:54.0408 1344  IpFilterDriver - ok
19:31:54.0439 1344  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:31:54.0501 1344  iphlpsvc - ok
19:31:54.0517 1344  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:31:54.0548 1344  IPMIDRV - ok
19:31:54.0564 1344  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:31:54.0595 1344  IPNAT - ok
19:31:54.0626 1344  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:31:54.0642 1344  IRENUM - ok
19:31:54.0657 1344  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:31:54.0673 1344  isapnp - ok
19:31:54.0689 1344  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:31:54.0720 1344  iScsiPrt - ok
19:31:54.0720 1344  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:31:54.0735 1344  kbdclass - ok
19:31:54.0751 1344  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:31:54.0782 1344  kbdhid - ok
19:31:54.0782 1344  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:31:54.0798 1344  KeyIso - ok
19:31:54.0813 1344  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:31:54.0829 1344  KSecDD - ok
19:31:54.0845 1344  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:31:54.0860 1344  KSecPkg - ok
19:31:54.0876 1344  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:31:54.0923 1344  ksthunk - ok
19:31:54.0938 1344  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:31:54.0985 1344  KtmRm - ok
19:31:55.0016 1344  [ F11FF47203538DD145FAF56A4DAF5D75 ] LANConfig       C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
19:31:55.0016 1344  LANConfig - ok
19:31:55.0063 1344  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:31:55.0110 1344  LanmanServer - ok
19:31:55.0110 1344  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:31:55.0172 1344  LanmanWorkstation - ok
19:31:55.0188 1344  [ 9EA7FEB836F2BF0067E28B5DBDC43521 ] LcsCapiDrv      C:\Windows\system32\DRIVERS\rcapi.sys
19:31:55.0203 1344  LcsCapiDrv - ok
19:31:55.0235 1344  [ 3494C48BC6D105D5C91DF41213F84542 ] LcsCapiMdm      C:\Windows\system32\DRIVERS\vmdmd.sys
19:31:55.0266 1344  LcsCapiMdm - ok
19:31:55.0281 1344  [ FF8F6F503654486D0547CB847C927CA2 ] LcsFwTool       C:\Program Files\LANCOM\LANCAPI\fwtool.exe
19:31:55.0313 1344  LcsFwTool ( UnsignedFile.Multi.Generic ) - warning
19:31:55.0313 1344  LcsFwTool - detected UnsignedFile.Multi.Generic (1)
19:31:55.0344 1344  [ EE524DEAF4689C26AE4453304C4CECF3 ] LCSWAN          C:\Windows\system32\DRIVERS\lcswan.sys
19:31:55.0359 1344  LCSWAN - ok
19:31:55.0453 1344  [ E34152D03CAAAAA81DD66D803F392522 ] LiveUpdate      C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
19:31:55.0562 1344  LiveUpdate - ok
19:31:55.0625 1344  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:31:55.0703 1344  lltdio - ok
19:31:55.0718 1344  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:31:55.0765 1344  lltdsvc - ok
19:31:55.0781 1344  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:31:55.0827 1344  lmhosts - ok
19:31:55.0843 1344  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:31:55.0859 1344  LSI_FC - ok
19:31:55.0874 1344  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:31:55.0890 1344  LSI_SAS - ok
19:31:55.0905 1344  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:31:55.0937 1344  LSI_SAS2 - ok
19:31:55.0937 1344  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:31:55.0952 1344  LSI_SCSI - ok
19:31:55.0968 1344  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:31:56.0015 1344  luafv - ok
19:31:56.0061 1344  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:31:56.0093 1344  Mcx2Svc - ok
19:31:56.0108 1344  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:31:56.0124 1344  megasas - ok
19:31:56.0139 1344  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:31:56.0171 1344  MegaSR - ok
19:31:56.0186 1344  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:31:56.0233 1344  MMCSS - ok
19:31:56.0249 1344  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:31:56.0280 1344  Modem - ok
19:31:56.0311 1344  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:31:56.0327 1344  monitor - ok
19:31:56.0342 1344  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:31:56.0358 1344  mouclass - ok
19:31:56.0373 1344  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
19:31:56.0405 1344  mouhid - ok
19:31:56.0420 1344  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:31:56.0436 1344  mountmgr - ok
19:31:56.0451 1344  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:31:56.0467 1344  mpio - ok
19:31:56.0483 1344  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:31:56.0529 1344  mpsdrv - ok
19:31:56.0561 1344  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:31:56.0623 1344  MpsSvc - ok
19:31:56.0623 1344  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:31:56.0654 1344  MRxDAV - ok
19:31:56.0685 1344  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:31:56.0701 1344  mrxsmb - ok
19:31:56.0717 1344  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:31:56.0748 1344  mrxsmb10 - ok
19:31:56.0748 1344  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:31:56.0795 1344  mrxsmb20 - ok
19:31:56.0810 1344  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:31:56.0826 1344  msahci - ok
19:31:56.0826 1344  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:31:56.0857 1344  msdsm - ok
19:31:56.0873 1344  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:31:56.0904 1344  MSDTC - ok
19:31:56.0935 1344  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:31:56.0997 1344  Msfs - ok
19:31:57.0029 1344  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:31:57.0060 1344  mshidkmdf - ok
19:31:57.0091 1344  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:31:57.0107 1344  msisadrv - ok
19:31:57.0107 1344  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:31:57.0153 1344  MSiSCSI - ok
19:31:57.0169 1344  msiserver - ok
19:31:57.0169 1344  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:31:57.0200 1344  MSKSSRV - ok
19:31:57.0216 1344  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:31:57.0247 1344  MSPCLOCK - ok
19:31:57.0263 1344  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:31:57.0294 1344  MSPQM - ok
19:31:57.0325 1344  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:31:57.0341 1344  MsRPC - ok
19:31:57.0356 1344  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:31:57.0356 1344  mssmbios - ok
19:31:57.0372 1344  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:31:57.0419 1344  MSTEE - ok
19:31:57.0434 1344  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:31:57.0465 1344  MTConfig - ok
19:31:57.0481 1344  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:31:57.0497 1344  Mup - ok
19:31:57.0512 1344  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:31:57.0559 1344  napagent - ok
19:31:57.0575 1344  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:31:57.0606 1344  NativeWifiP - ok
19:31:57.0699 1344  [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130104.032\ENG64.SYS
19:31:57.0715 1344  NAVENG - ok
19:31:57.0762 1344  [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15         C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130104.032\EX64.SYS
19:31:57.0840 1344  NAVEX15 - ok
19:31:57.0871 1344  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:31:57.0902 1344  NDIS - ok
19:31:57.0918 1344  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:31:57.0965 1344  NdisCap - ok
19:31:57.0980 1344  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:31:58.0011 1344  NdisTapi - ok
19:31:58.0027 1344  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:31:58.0058 1344  Ndisuio - ok
19:31:58.0089 1344  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:31:58.0136 1344  NdisWan - ok
19:31:58.0152 1344  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:31:58.0183 1344  NDProxy - ok
19:31:58.0199 1344  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:31:58.0245 1344  NetBIOS - ok
19:31:58.0261 1344  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:31:58.0292 1344  NetBT - ok
19:31:58.0308 1344  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:31:58.0323 1344  Netlogon - ok
19:31:58.0355 1344  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:31:58.0401 1344  Netman - ok
19:31:58.0417 1344  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:31:58.0433 1344  NetMsmqActivator - ok
19:31:58.0433 1344  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:31:58.0448 1344  NetPipeActivator - ok
19:31:58.0448 1344  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:31:58.0495 1344  netprofm - ok
19:31:58.0495 1344  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:31:58.0511 1344  NetTcpActivator - ok
19:31:58.0511 1344  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:31:58.0526 1344  NetTcpPortSharing - ok
19:31:58.0542 1344  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:31:58.0557 1344  nfrd960 - ok
19:31:58.0620 1344  [ 5E10874181EF22FD8EFD77F7D1AE456B ] NitroDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
19:31:58.0635 1344  NitroDriverReadSpool2 - ok
19:31:58.0667 1344  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:31:58.0698 1344  NlaSvc - ok
19:31:58.0698 1344  [ D319A833EC173AD83C67885B3ED6C71C ] NotificationsProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
19:31:58.0713 1344  NotificationsProviderSvc - ok
19:31:58.0729 1344  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:31:58.0760 1344  Npfs - ok
19:31:58.0776 1344  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:31:58.0807 1344  nsi - ok
19:31:58.0823 1344  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:31:58.0854 1344  nsiproxy - ok
19:31:58.0901 1344  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:31:58.0963 1344  Ntfs - ok
19:31:58.0979 1344  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:31:59.0025 1344  Null - ok
19:31:59.0057 1344  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:31:59.0072 1344  nvraid - ok
19:31:59.0103 1344  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:31:59.0119 1344  nvstor - ok
19:31:59.0135 1344  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:31:59.0150 1344  nv_agp - ok
19:31:59.0166 1344  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:31:59.0197 1344  ohci1394 - ok
19:31:59.0228 1344  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:31:59.0259 1344  ose - ok
19:31:59.0369 1344  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:31:59.0431 1344  osppsvc - ok
19:31:59.0462 1344  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:31:59.0493 1344  p2pimsvc - ok
19:31:59.0509 1344  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:31:59.0540 1344  p2psvc - ok
19:31:59.0556 1344  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:31:59.0571 1344  Parport - ok
19:31:59.0603 1344  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:31:59.0618 1344  partmgr - ok
19:31:59.0618 1344  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:31:59.0649 1344  PcaSvc - ok
19:31:59.0665 1344  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:31:59.0681 1344  pci - ok
19:31:59.0696 1344  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:31:59.0712 1344  pciide - ok
19:31:59.0743 1344  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:31:59.0759 1344  pcmcia - ok
19:31:59.0774 1344  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:31:59.0790 1344  pcw - ok
19:31:59.0805 1344  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:31:59.0852 1344  PEAUTH - ok
19:31:59.0883 1344  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:31:59.0961 1344  PeerDistSvc - ok
19:32:00.0024 1344  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:32:00.0055 1344  PerfHost - ok
19:32:00.0086 1344  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:32:00.0149 1344  pla - ok
19:32:00.0180 1344  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:32:00.0258 1344  PlugPlay - ok
19:32:00.0258 1344  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:32:00.0273 1344  PNRPAutoReg - ok
19:32:00.0305 1344  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:32:00.0305 1344  PNRPsvc - ok
19:32:00.0336 1344  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:32:00.0383 1344  PolicyAgent - ok
19:32:00.0414 1344  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:32:00.0445 1344  Power - ok
19:32:00.0507 1344  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:32:00.0570 1344  PptpMiniport - ok
19:32:00.0585 1344  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:32:00.0617 1344  Processor - ok
19:32:00.0648 1344  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:32:00.0695 1344  ProfSvc - ok
19:32:00.0710 1344  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:32:00.0710 1344  ProtectedStorage - ok
19:32:00.0741 1344  [ D319A833EC173AD83C67885B3ED6C71C ] providers_system C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
19:32:00.0741 1344  providers_system - ok
19:32:00.0773 1344  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:32:00.0819 1344  Psched - ok
19:32:00.0897 1344  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:32:00.0975 1344  ql2300 - ok
19:32:00.0991 1344  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:32:01.0022 1344  ql40xx - ok
19:32:01.0038 1344  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:32:01.0053 1344  QWAVE - ok
19:32:01.0053 1344  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:32:01.0085 1344  QWAVEdrv - ok
19:32:01.0100 1344  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:32:01.0131 1344  RasAcd - ok
19:32:01.0147 1344  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:32:01.0194 1344  RasAgileVpn - ok
19:32:01.0194 1344  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:32:01.0241 1344  RasAuto - ok
19:32:01.0256 1344  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:32:01.0303 1344  Rasl2tp - ok
19:32:01.0319 1344  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:32:01.0350 1344  RasMan - ok
19:32:01.0365 1344  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:32:01.0397 1344  RasPppoe - ok
19:32:01.0428 1344  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:32:01.0459 1344  RasSstp - ok
19:32:01.0475 1344  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:32:01.0521 1344  rdbss - ok
19:32:01.0553 1344  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:32:01.0568 1344  rdpbus - ok
19:32:01.0584 1344  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:32:01.0615 1344  RDPCDD - ok
19:32:01.0630 1344  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:32:01.0662 1344  RDPDR - ok
19:32:01.0662 1344  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:32:01.0708 1344  RDPENCDD - ok
19:32:01.0708 1344  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:32:01.0755 1344  RDPREFMP - ok
19:32:01.0771 1344  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:32:01.0802 1344  RdpVideoMiniport - ok
19:32:01.0818 1344  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:32:01.0849 1344  RDPWD - ok
19:32:01.0880 1344  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:32:01.0896 1344  rdyboost - ok
19:32:01.0911 1344  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:32:01.0958 1344  RemoteAccess - ok
19:32:01.0989 1344  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:32:02.0020 1344  RemoteRegistry - ok
19:32:02.0052 1344  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
19:32:02.0098 1344  ROOTMODEM - ok
19:32:02.0130 1344  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:32:02.0161 1344  RpcEptMapper - ok
19:32:02.0161 1344  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:32:02.0192 1344  RpcLocator - ok
19:32:02.0208 1344  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:32:02.0254 1344  RpcSs - ok
19:32:02.0270 1344  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:32:02.0317 1344  rspndr - ok
19:32:02.0348 1344  [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:32:02.0364 1344  RTL8167 - ok
19:32:02.0379 1344  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:32:02.0395 1344  s3cap - ok
19:32:02.0442 1344  [ C3B35487CFB25357D313625A691E1200 ] SageDeploymentService C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe
19:32:02.0488 1344  SageDeploymentService - ok
19:32:02.0488 1344  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:32:02.0504 1344  SamSs - ok
19:32:02.0520 1344  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:32:02.0535 1344  sbp2port - ok
19:32:02.0566 1344  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:32:02.0613 1344  SCardSvr - ok
19:32:02.0629 1344  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:32:02.0676 1344  scfilter - ok
19:32:02.0691 1344  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:32:02.0754 1344  Schedule - ok
19:32:02.0769 1344  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:32:02.0800 1344  SCPolicySvc - ok
19:32:02.0816 1344  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:32:02.0847 1344  SDRSVC - ok
19:32:02.0941 1344  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\master.HAMBURG\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
19:32:02.0956 1344  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
19:32:02.0956 1344  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
19:32:02.0988 1344  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:32:03.0050 1344  secdrv - ok
19:32:03.0066 1344  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:32:03.0097 1344  seclogon - ok
19:32:03.0112 1344  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:32:03.0175 1344  SENS - ok
19:32:03.0175 1344  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:32:03.0206 1344  SensrSvc - ok
19:32:03.0237 1344  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:32:03.0253 1344  Serenum - ok
19:32:03.0268 1344  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
19:32:03.0300 1344  Serial - ok
19:32:03.0315 1344  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:32:03.0346 1344  sermouse - ok
19:32:03.0362 1344  [ 2AF4866050E7C07132473AA5E57630EB ] ServiceProviderRegistry C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
19:32:03.0362 1344  ServiceProviderRegistry - ok
19:32:03.0393 1344  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:32:03.0424 1344  SessionEnv - ok
19:32:03.0440 1344  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:32:03.0456 1344  sffdisk - ok
19:32:03.0487 1344  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:32:03.0502 1344  sffp_mmc - ok
19:32:03.0518 1344  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:32:03.0534 1344  sffp_sd - ok
19:32:03.0565 1344  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:32:03.0580 1344  sfloppy - ok
19:32:03.0612 1344  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:32:03.0658 1344  SharedAccess - ok
19:32:03.0674 1344  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:32:03.0721 1344  ShellHWDetection - ok
19:32:03.0752 1344  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:32:03.0768 1344  SiSRaid2 - ok
19:32:03.0783 1344  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:32:03.0814 1344  SiSRaid4 - ok
19:32:03.0814 1344  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:32:03.0861 1344  Smb - ok
19:32:03.0939 1344  [ 4B1DAFE4100555239354950AC537C98C ] SmcService      C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
19:32:04.0002 1344  SmcService - ok
19:32:04.0033 1344  [ F2544BF1302EBFEFD006E32AC55703F4 ] SNAC            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
19:32:04.0048 1344  SNAC - ok
19:32:04.0095 1344  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:32:04.0111 1344  SNMPTRAP - ok
19:32:04.0142 1344  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:32:04.0142 1344  spldr - ok
19:32:04.0173 1344  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:32:04.0204 1344  Spooler - ok
19:32:04.0267 1344  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:32:04.0516 1344  sppsvc - ok
19:32:04.0516 1344  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:32:04.0563 1344  sppuinotify - ok
19:32:04.0579 1344  [ D319A833EC173AD83C67885B3ED6C71C ] SqmProviderSvc  C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
19:32:04.0579 1344  SqmProviderSvc - ok
19:32:04.0610 1344  [ 32900AC9CFDC578531279886CA16A4DF ] SRTSP           C:\Windows\system32\Drivers\SRTSP64.SYS
19:32:04.0626 1344  SRTSP - ok
19:32:04.0657 1344  [ 8929566D1F14685FD78EAF25BEE3ECC7 ] SRTSPL          C:\Windows\system32\Drivers\SRTSPL64.SYS
19:32:04.0672 1344  SRTSPL - ok
19:32:04.0672 1344  [ CB2FDF47EE67F8CCA5362ED9B94FE955 ] SRTSPX          C:\Windows\system32\Drivers\SRTSPX64.SYS
19:32:04.0688 1344  SRTSPX - ok
19:32:04.0719 1344  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:32:04.0750 1344  srv - ok
19:32:04.0766 1344  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:32:04.0782 1344  srv2 - ok
19:32:04.0797 1344  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:32:04.0828 1344  srvnet - ok
19:32:04.0860 1344  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:32:04.0906 1344  SSDPSRV - ok
19:32:04.0906 1344  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:32:04.0938 1344  SstpSvc - ok
19:32:04.0953 1344  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:32:04.0984 1344  stexstor - ok
19:32:05.0000 1344  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
19:32:05.0047 1344  stisvc - ok
19:32:05.0062 1344  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:32:05.0078 1344  storflt - ok
19:32:05.0094 1344  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
19:32:05.0125 1344  StorSvc - ok
19:32:05.0140 1344  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:32:05.0172 1344  storvsc - ok
19:32:05.0172 1344  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:32:05.0187 1344  swenum - ok
19:32:05.0203 1344  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
19:32:05.0250 1344  swprv - ok
19:32:05.0296 1344  [ B9B3B38A852F13D6F61ACB3994872EDA ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
19:32:05.0328 1344  Symantec AntiVirus - ok
19:32:05.0359 1344  [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:32:05.0390 1344  SymEvent - ok
19:32:05.0406 1344  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
19:32:05.0499 1344  SysMain - ok
19:32:05.0499 1344  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:32:05.0530 1344  TabletInputService - ok
19:32:05.0577 1344  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:32:05.0624 1344  TapiSrv - ok
19:32:05.0640 1344  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:32:05.0671 1344  TBS - ok
19:32:05.0718 1344  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:32:05.0796 1344  Tcpip - ok
19:32:05.0842 1344  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:32:05.0889 1344  TCPIP6 - ok
19:32:05.0905 1344  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:32:05.0920 1344  tcpipreg - ok
19:32:05.0952 1344  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:32:05.0983 1344  TDPIPE - ok
19:32:05.0998 1344  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:32:06.0014 1344  TDTCP - ok
19:32:06.0030 1344  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:32:06.0076 1344  tdx - ok
19:32:06.0154 1344  [ F3C2CD627103DEE48C2085050376ECCE ] TeamViewer6     C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
19:32:06.0201 1344  TeamViewer6 - ok
19:32:06.0217 1344  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:32:06.0232 1344  TermDD - ok
19:32:06.0248 1344  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:32:06.0295 1344  TermService - ok
19:32:06.0310 1344  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:32:06.0342 1344  Themes - ok
19:32:06.0357 1344  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:32:06.0388 1344  THREADORDER - ok
19:32:06.0404 1344  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
19:32:06.0435 1344  TPM - ok
19:32:06.0451 1344  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:32:06.0498 1344  TrkWks - ok
19:32:06.0529 1344  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:32:06.0560 1344  TrustedInstaller - ok
19:32:06.0591 1344  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:32:06.0622 1344  tssecsrv - ok
19:32:06.0638 1344  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:32:06.0685 1344  TsUsbFlt - ok
19:32:06.0700 1344  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:32:06.0732 1344  TsUsbGD - ok
19:32:06.0747 1344  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:32:06.0794 1344  tunnel - ok
19:32:06.0810 1344  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:32:06.0841 1344  uagp35 - ok
19:32:06.0856 1344  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:32:06.0903 1344  udfs - ok
19:32:06.0934 1344  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:32:06.0950 1344  UI0Detect - ok
19:32:06.0966 1344  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:32:06.0981 1344  uliagpkx - ok
19:32:06.0997 1344  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:32:07.0028 1344  umbus - ok
19:32:07.0044 1344  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:32:07.0075 1344  UmPass - ok
19:32:07.0090 1344  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
19:32:07.0122 1344  UmRdpService - ok
19:32:07.0153 1344  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:32:07.0200 1344  upnphost - ok
19:32:07.0231 1344  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:32:07.0262 1344  usbaudio - ok
19:32:07.0278 1344  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:32:07.0309 1344  usbccgp - ok
19:32:07.0324 1344  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:32:07.0356 1344  usbcir - ok
19:32:07.0371 1344  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:32:07.0387 1344  usbehci - ok
19:32:07.0418 1344  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:32:07.0449 1344  usbhub - ok
19:32:07.0465 1344  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:32:07.0480 1344  usbohci - ok
19:32:07.0512 1344  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:32:07.0543 1344  usbprint - ok
19:32:07.0558 1344  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:32:07.0605 1344  USBSTOR - ok
19:32:07.0621 1344  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:32:07.0636 1344  usbuhci - ok
19:32:07.0652 1344  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:32:07.0714 1344  UxSms - ok
19:32:07.0714 1344  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:32:07.0730 1344  VaultSvc - ok
19:32:07.0746 1344  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:32:07.0761 1344  vdrvroot - ok
19:32:07.0777 1344  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:32:07.0824 1344  vds - ok
19:32:07.0839 1344  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:32:07.0855 1344  vga - ok
19:32:07.0870 1344  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:32:07.0902 1344  VgaSave - ok
19:32:07.0917 1344  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:32:07.0933 1344  vhdmp - ok
19:32:07.0948 1344  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:32:07.0964 1344  viaide - ok
19:32:07.0980 1344  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:32:07.0995 1344  vmbus - ok
19:32:08.0011 1344  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:32:08.0042 1344  VMBusHID - ok
19:32:08.0058 1344  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:32:08.0073 1344  volmgr - ok
19:32:08.0089 1344  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:32:08.0104 1344  volmgrx - ok
19:32:08.0120 1344  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:32:08.0136 1344  volsnap - ok
19:32:08.0167 1344  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:32:08.0182 1344  vsmraid - ok
19:32:08.0229 1344  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:32:08.0292 1344  VSS - ok
19:32:08.0323 1344  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:32:08.0354 1344  vwifibus - ok
19:32:08.0370 1344  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:32:08.0432 1344  W32Time - ok
19:32:08.0448 1344  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:32:08.0463 1344  WacomPen - ok
19:32:08.0479 1344  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:32:08.0510 1344  WANARP - ok
19:32:08.0510 1344  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:32:08.0541 1344  Wanarpv6 - ok
19:32:08.0572 1344  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:32:08.0650 1344  wbengine - ok
19:32:08.0666 1344  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:32:08.0682 1344  WbioSrvc - ok
19:32:08.0697 1344  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:32:08.0728 1344  wcncsvc - ok
19:32:08.0728 1344  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:32:08.0760 1344  WcsPlugInService - ok
19:32:08.0791 1344  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:32:08.0806 1344  Wd - ok
19:32:08.0822 1344  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:32:08.0853 1344  Wdf01000 - ok
19:32:08.0869 1344  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:32:08.0916 1344  WdiServiceHost - ok
19:32:08.0916 1344  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:32:08.0947 1344  WdiSystemHost - ok
19:32:08.0947 1344  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:32:08.0978 1344  WebClient - ok
19:32:08.0994 1344  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:32:09.0025 1344  Wecsvc - ok
19:32:09.0040 1344  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:32:09.0087 1344  wercplsupport - ok
19:32:09.0103 1344  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:32:09.0134 1344  WerSvc - ok
19:32:09.0165 1344  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:32:09.0196 1344  WfpLwf - ok
19:32:09.0196 1344  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:32:09.0212 1344  WIMMount - ok
19:32:09.0243 1344  WinDefend - ok
19:32:09.0243 1344  WinHttpAutoProxySvc - ok
19:32:09.0274 1344  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:32:09.0352 1344  Winmgmt - ok
19:32:09.0384 1344  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:32:09.0462 1344  WinRM - ok
19:32:09.0493 1344  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:32:09.0524 1344  Wlansvc - ok
19:32:09.0555 1344  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:32:09.0571 1344  wlcrasvc - ok
19:32:09.0649 1344  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:32:09.0696 1344  wlidsvc - ok
19:32:09.0711 1344  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:32:09.0742 1344  WmiAcpi - ok
19:32:09.0758 1344  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:32:09.0789 1344  wmiApSrv - ok
19:32:09.0805 1344  WMPNetworkSvc - ok
19:32:09.0836 1344  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:32:09.0867 1344  WPCSvc - ok
19:32:09.0883 1344  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:32:09.0914 1344  WPDBusEnum - ok
19:32:09.0930 1344  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:32:09.0976 1344  ws2ifsl - ok
19:32:10.0008 1344  [ AAA0F5CDE4D5C357A65E14DF793FDA81 ] WSConnectorUpdate C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
19:32:10.0023 1344  WSConnectorUpdate - ok
19:32:10.0023 1344  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:32:10.0054 1344  wscsvc - ok
19:32:10.0054 1344  WSearch - ok
19:32:10.0070 1344  [ D319A833EC173AD83C67885B3ED6C71C ] WSS_ComputerBackupProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
19:32:10.0086 1344  WSS_ComputerBackupProviderSvc - ok
19:32:10.0132 1344  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:32:10.0195 1344  wuauserv - ok
19:32:10.0210 1344  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:32:10.0226 1344  WudfPf - ok
19:32:10.0257 1344  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:32:10.0273 1344  WUDFRd - ok
19:32:10.0288 1344  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:32:10.0320 1344  wudfsvc - ok
19:32:10.0335 1344  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:32:10.0382 1344  WwanSvc - ok
19:32:10.0382 1344  ================ Scan global ===============================
19:32:10.0398 1344  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:32:10.0429 1344  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:32:10.0444 1344  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:32:10.0460 1344  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:32:10.0476 1344  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:32:10.0476 1344  [Global] - ok
19:32:10.0476 1344  ================ Scan MBR ==================================
19:32:10.0491 1344  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:32:10.0710 1344  \Device\Harddisk0\DR0 - ok
19:32:10.0710 1344  ================ Scan VBR ==================================
19:32:10.0741 1344  [ 961D246BDC8630037942F7EA32C90C61 ] \Device\Harddisk0\DR0\Partition1
19:32:10.0741 1344  \Device\Harddisk0\DR0\Partition1 - ok
19:32:10.0741 1344  ============================================================
19:32:10.0741 1344  Scan finished
19:32:10.0741 1344  ============================================================
19:32:10.0756 5688  Detected object count: 2
19:32:10.0756 5688  Actual detected object count: 2
19:32:34.0920 5688  LcsFwTool ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:34.0920 5688  LcsFwTool ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:32:34.0920 5688  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:34.0920 5688  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

05.01.2013, 19:57   #8
markusg
/// Malware-holic

Hi,
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

06.01.2013, 17:44   #9
kurzerhh

Combofix

Code:
ATTFilter
ComboFix 13-01-05.01 - master 06.01.2013  17:34:26.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4000.1948 [GMT 1:00]
ausgeführt von:: c:\users\wommelsdorff\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3769320754
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-06 bis 2013-01-06  ))))))))))))))))))))))))))))))
.
.
2013-01-02 18:59 . 2013-01-02 18:59	--------	d-----w-	C:\_OTL
2013-01-01 19:47 . 2013-01-01 19:47	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-01-01 19:47 . 2013-01-01 19:47	95184	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-01 19:46 . 2013-01-01 19:46	--------	d-----w-	c:\program files (x86)\Java
2013-01-01 18:48 . 2013-01-01 18:48	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-01-01 18:29 . 2013-01-01 18:29	--------	d-----w-	c:\program files\CCleaner
2013-01-01 18:28 . 2013-01-01 18:28	--------	d-----w-	c:\users\master.HAMBURG\AppData\Roaming\OCS
2013-01-01 18:27 . 2013-01-01 18:30	--------	d-----w-	c:\users\wommelsdorff\AppData\Local\Opera
2013-01-01 18:26 . 2013-01-01 18:27	--------	d-----w-	c:\users\wommelsdorff\AppData\Local\Programs
2012-12-29 14:36 . 2012-12-29 14:36	--------	d-----w-	c:\users\master.HAMBURG\AppData\Local\Microsoft_Corporation
2012-12-29 13:36 . 2012-12-29 13:36	--------	d-----w-	c:\users\master.HAMBURG\AppData\Local\Programs
2012-12-28 10:40 . 2012-12-28 10:40	2959	----a-w-	c:\programdata\dsgsdgdsgdsgw.js
2012-12-21 14:54 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 14:48 . 2012-12-29 16:53	--------	d-----w-	c:\users\master.HAMBURG\AppData\Local\Google
2012-12-21 14:48 . 2012-12-21 14:49	--------	d-----w-	c:\users\wommelsdorff\AppData\Local\Google
2012-12-21 14:47 . 2012-12-21 14:47	--------	d-----w-	c:\users\wommelsdorff\AppData\Local\Deployment
2012-12-21 14:47 . 2012-12-21 14:47	--------	d-----w-	c:\users\wommelsdorff\AppData\Local\Apps
2012-12-20 07:02 . 2012-12-20 07:02	--------	d-----w-	c:\users\wommelsdorff\AppData\Roaming\Malwarebytes
2012-12-19 18:51 . 2012-12-19 18:51	--------	d-----w-	c:\users\master.HAMBURG\AppData\Roaming\Malwarebytes
2012-12-19 18:51 . 2012-12-19 18:51	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-19 18:51 . 2012-12-29 13:37	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-19 18:51 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-11 21:43 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-11 21:42 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-11 21:42 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-01 19:46 . 2012-07-19 10:25	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-01 19:46 . 2012-07-19 10:25	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-01 19:42 . 2012-04-21 19:10	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-01 19:42 . 2012-04-21 19:10	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 07:47 . 2012-04-22 07:38	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-27 23:50	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 23:50	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 23:50	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 03:42	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 03:42	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 03:42	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 03:42	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LANCAPI"="c:\program files\LANCOM\LANCAPI\rcapi.exe" [2011-06-16 482816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2012-04-22 115560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\wommelsdorff\Downloads\OTL.exe" [2012-12-29 602112]
.
c:\users\wommelsdorff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
LANCAPI.lnk - c:\program files\LANCOM\LANCAPI\rcapi.exe [2011-6-16 482816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 initMonitor;Windows Server-Initialisierungsdienst;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-04-13 158976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R4 SqmProviderSvc;SQM-Dienst von Windows Server;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 HealthAlertsSvc;Integritätsdienst von Windows Server;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 LANConfig;Windows Server-LAN-Konfiguration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520]
S2 LcsFwTool;LANCOM Systems FWTool;c:\program files\LANCOM\LANCAPI\fwtool.exe [2011-06-16 214528]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-09-04 216072]
S2 NotificationsProviderSvc;Windows Server-Anbieterdienst für Benachrichtigungen;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 providers_system;Windows Server-Downloaddienst;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 SageDeploymentService;Sage Verteilungsdienst;c:\program files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe [2011-05-31 424088]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\master.HAMBURG\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-01-01 40960]
S2 ServiceProviderRegistry;Dienstanbieterregistrierung von Windows Server;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-01-12 40832]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2367360]
S2 WSConnectorUpdate;Windows Server-Connector-Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 228736]
S2 WSS_ComputerBackupProviderSvc;Windows Server-Anbieterdienst für die Clientcomputersicherung;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2011-03-02 63872]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-04-13 317440]
S3 LcsCapiDrv;LANCAPI Driver;c:\windows\system32\DRIVERS\rcapi.sys [2011-06-16 338432]
S3 LcsCapiMdm;LANCOM CAPI Faxmodem Port;c:\windows\system32\DRIVERS\vmdmd.sys [2009-08-25 279712]
S3 LCSWAN;LANCOM NDISWAN;c:\windows\system32\DRIVERS\lcswan.sys [2010-11-04 31744]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-07-29 533096]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 63772799
*Deregistered* - 63772799
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 19:42]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 14:48]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 14:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-13 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-13 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-13 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"Ocs_SM"="c:\users\master.HAMBURG\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-01-01 106496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.40.5 217.237.150.205
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SMB50StarMoneyRunEntry - x:\app\oflagent.exe
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
HKLM-Run-Launchpad - c:\program files (x86)\Windows Server\Bin\Launchpad.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-06  17:40:17
ComboFix-quarantined-files.txt  2013-01-06 16:40
.
Vor Suchlauf: 10 Verzeichnis(se), 322.116.677.632 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 321.923.026.944 Bytes frei
.
- - End Of File - - 9AC3E796F09C46BD04BDE0EEBCB868C1
         

Alt 07.01.2013, 16:14   #10
markusg
/// Malware-holic
 

Hi,
download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save the list as a txt file. Open the file.
After every program you need, write "necessary".
After every program you do not need, write "unnecessary".
After every program you do not recognise, write "unknown".
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
