
Pests of all kinds and how to combat them: Is my PC free of viruses and trojans?

Windows 7
19.02.2013, 16:07   #1
Galikor

Hi,
so here is what happened. Our website was infected by a malicious script, and we also had an FTP attack. The FTP was rescued from a backup; the script stubbornly hid in a file until today.

The PC has already been wiped once, but what options are there now to be 100% sure that I can work from it again?

An antivirus program (McAfee) is installed and the firewall is enabled.

19.02.2013, 16:17   #2
markusg
/// Malware-holic

hi

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy this content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

20.02.2013, 07:32   #3
Galikor

Morning,
Here are the two files:
Extras.txt
Code:
OTL Extras logfile created on: 20.02.2013 07:54:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,24 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 52,15% Memory free
6,48 Gb Paging File | 5,08 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,50 Gb Total Space | 254,87 Gb Free Space | 86,55% Space Free | Partition Type: NTFS
 
Computer Name: ** | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{565FD504-380B-4932-B72B-650DBABA26E3}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{586DA902-68E1-4550-9393-B2DBA3BD6EB3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{B5866212-5431-428F-88FD-45BB933406CF}" = lport=3389 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B6BF72-A454-47E4-8BF7-28D53CD2A416}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{09661042-4323-4321-A3B2-45CB4387CEF3}" = dir=in | app=c:\program files\microsoft lync\ucmapi.exe | 
"{096CD2DD-83FB-4353-8846-F38AD87F0E64}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{0D4EF3C2-9A8D-494C-B039-2B8C37127065}" = protocol=17 | dir=in | app=c:\program files\estos\procall 3\clninst.exe | 
"{3950BD9C-9628-4D8E-90C6-3B1C7730FDC3}" = protocol=17 | dir=in | app=c:\windows\system32\eacusrv.exe | 
"{57D00C2E-982B-4565-871C-272C3C1EA541}" = protocol=6 | dir=in | app=c:\program files\estos\procall 3\clninst.exe | 
"{6D624E64-28BA-4045-8857-59CBBA35F906}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{732C54D6-0415-4359-AFA1-B708AB389916}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{81E77F0A-4176-4C52-85C3-5BA025050FAA}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{87655B42-4864-4C30-833D-A553B27BEEEA}" = protocol=6 | dir=in | app=c:\windows\system32\eacusrv.exe | 
"{941BA3CB-C6E7-4F65-9F7C-463AB988BE4F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{AAE45CBE-2DE3-4F72-8335-EB048265DEFF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{AEBB6852-2122-42C2-BBED-EDDCAAD5589C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{AF58E3EF-9547-4793-8D5D-F1BCF728686B}" = protocol=6 | dir=in | app=c:\windows\system32\eacusrv.exe | 
"{B5FB47DE-CDE2-494B-A77E-7E7FD58610BC}" = dir=in | app=c:\program files\microsoft lync\communicator.exe | 
"{B8680364-963C-4482-A648-7555841D025E}" = protocol=17 | dir=in | app=c:\windows\system32\eacusrv.exe | 
"{C046F48A-049C-499D-BB57-24F0AAD74CA6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{EC2797B8-DCA3-44A2-868A-1F047EDCEEDD}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{ED764AF0-8DBD-47AC-A040-87CFD840B7E0}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{EE8F86AE-84E1-4AF2-8C3E-EFDA061F9697}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0F7319A9-083D-40B3-8256-00A6F3C2AAA2}" = Citrix Online Plug-in (SSON)
"{133236FE-E2F7-4313-8BF8-A10ACAAA7CB9}" = Citrix Online Plug-in (USB)
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2FC7287D-39DD-4A84-9806-D27D3CCDC51B}" = Citrix Online Plug-in (Web)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU
"{43B9A676-F3EA-4B2F-BD49-E272B66E2B1F}" = ESTOS ProCall
"{46F2A190-3663-48FB-B11B-2AEEEB968C94}" = Microsoft Online Services-Anmelde-Assistent
"{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package
"{57287FDF-27E6-45BC-9DD2-A33545C46C1A}" = Citrix Online Plug-in (HDX)
"{58A013B1-1613-4978-881A-FCA43710C84A}" = Microsoft Lync 2010
"{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL
"{6F2FDD50-E0F3-4117-B575-78E77F8D11EF}" = Citrix Online Plug-in (DV)
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{913778D3-E1D8-4B55-9246-3308C54D3162}" = Citrix Online Plug-in (PNA)
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD59A4BA-8486-43C8-97C7-2536725FD09C}" = McAfee SiteAdvisor Enterprise
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe FrameMaker 7.1" = Adobe FrameMaker v7.1
"CitrixOnlinePluginFull" = Citrix Online Plug-in
"FileZilla Client" = FileZilla Client 3.6.0.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfeeBrowserProtection" = McAfee Browser Protection Service
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MVS" = McAfee Virus and Spyware Protection Service
"NAV" = Norton AntiVirus
"Notepad++" = Notepad++
"NST" = Norton Identity Safe
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Outlook Connector for MDaemon Plug-in" = Outlook Connector for MDaemon Plug-in
"TeamViewer 5 Host" = TeamViewer 5 Host
"TVWiz" = Intel(R) TV Wizard
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.02.2013 07:32:53 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.02.2013 07:32:54 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.02.2013 07:33:04 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 19.02.2013 02:09:44 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 19.02.2013 02:09:45 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 19.02.2013 02:11:09 | Computer Name = **.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 02:11:02 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.02.2013 02:11:04 | Computer Name = **.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.02.2013 02:11:57 | Computer Name = **.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 02:53:47 | Computer Name = **.local | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17ac    Startzeit:
 01ce0f36a26a34fb    Endzeit: 16    Anwendungspfad: C:\Users\Simetz\Desktop\OTL.exe    Berichts-ID:
 3a754ce6-7b2a-11e2-83d2-002197158ff3  
 
[ System Events ]
Error - 14.02.2013 10:28:46 | Computer Name = **.**.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1           :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse **  registriert werden. Der Computer mit IP-Adresse **
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.02.2013 10:33:56 | Computer Name = **.RVS1.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1           :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse **  registriert werden. Der Computer mit IP-Adresse **
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.02.2013 10:39:06 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1           :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse **  registriert werden. Der Computer mit IP-Adresse **
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.02.2013 10:44:16 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1           :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse **  registriert werden. Der Computer mit IP-Adresse **
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.02.2013 10:49:26 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1           :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse **  registriert werden. Der Computer mit IP-Adresse **
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.02.2013 10:54:36 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1           :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse **  registriert werden. Der Computer mit IP-Adresse **
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.02.2013 10:59:46 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1           :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse **  registriert werden. Der Computer mit IP-Adresse **
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.02.2013 11:04:57 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1           :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse **  registriert werden. Der Computer mit IP-Adresse **
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.02.2013 11:10:07 | Computer Name = **.local | Source = NetBT | ID = 4321
Description = Der Name "RVS1           :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse **  registriert werden. Der Computer mit IP-Adresse **
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 19.02.2013 02:09:25 | Computer Name = **.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne RVS1 aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
 
< End of report >
         
and the OTL.txt
Code:
OTL logfile created on: 20.02.2013 07:54:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\**\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,24 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 52,15% Memory free
6,48 Gb Paging File | 5,08 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,50 Gb Total Space | 254,87 Gb Free Space | 86,55% Space Free | Partition Type: NTFS
 
Computer Name: ** | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\**\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Norton AntiVirus\Engine\20.2.1.22\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\Managed VirusScan\DesktopUI\XTray.exe ()
PRC - C:\Programme\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfeann.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\McAfee\SiteAdvisor Enterprise\saHookMain.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\SiteAdvisor Enterprise\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
PRC - C:\Windows\System32\EACUSrv.exe (ESTOS GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\McAfee\Managed VirusScan\DesktopUI\Win32RenderingEngine.dll ()
MOD - C:\Programme\McAfee\Managed VirusScan\DesktopUI\XTray.exe ()
MOD - C:\Programme\Norton Identity Safe\Engine\2013.2.0.18\wincfi39.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NCO) -- C:\Program Files\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe (Symantec Corporation)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (RumorServer) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
SRV - (myAgtSvc) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Enterprise Service) -- C:\Programme\McAfee\SiteAdvisor Enterprise\McSACore.exe (McAfee, Inc.)
SRV - (EACUSrv) -- C:\Windows\System32\EACUSrv.exe (ESTOS GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (msoidsvc) -- C:\Programme\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PnSson) --  File not found
DRV - (mfeavfk01) --  File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130218.025\navex15.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130218.025\naveng.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130216.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx86.sys (Symantec Corporation)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NAV\1402010.016\srtsp.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1402010.016\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1402010.016\symds.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NAV\1402010.016\symnets.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NAV\1402010.016\ironx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NAV\1402010.016\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NST) -- C:\Windows\System32\drivers\NST\7DD02010.021\ccsetx86.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\System32\drivers\NAV\1402010.016\ccsetx86.sys (Symantec Corporation)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 DC 55 34 1A FE CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013.02.20 07:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn\ [2013.02.19 11:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ [2013.02.20 07:10:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 07:33:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.13 10:58:24 | 000,000,000 | ---D | M]
 
[2013.01.29 14:08:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013.02.06 07:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.06 07:33:54 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.28 20:39:06 | 000,031,872 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20130129133050.dll (McAfee, Inc.)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Programme\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Programme\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ECtiClient] C:\Program Files\ESTOS\ProCall 3\eCtiClient.exe (ESTOS GmbH)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InstHwApi] C:\Program Files\McAfee\Managed VirusScan\Agent\myInx.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync-Add-On - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RVS1.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4127E74-D69B-4768-A57C-2C38E49B03CF}: NameServer = 172.19.176.11,172.19.180.144
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Programme\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\System32\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{799879e2-6a00-11e2-882b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{799879e2-6a00-11e2-882b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Lync 2010
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.20 07:32:14 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NST\7DD02010.021\ccsetx86.sys
[2013.02.20 07:32:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST\7DD02010.021
[2013.02.19 13:28:45 | 000,338,592 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\symnets.sys
[2013.02.19 13:28:45 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\symelam.sys
[2013.02.19 13:28:44 | 000,927,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\symefa.sys
[2013.02.19 13:28:44 | 000,586,400 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\srtsp.sys
[2013.02.19 13:28:44 | 000,368,288 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\symds.sys
[2013.02.19 13:28:44 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\ironx86.sys
[2013.02.19 13:28:44 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\ccsetx86.sys
[2013.02.19 13:28:44 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1402010.016\srtspx.sys
[2013.02.19 13:28:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1402010.016
[2013.02.19 11:51:49 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NST\7DD02000.012\ccSetx86.sys
[2013.02.19 11:51:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST
[2013.02.19 11:51:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST\7DD02000.012
[2013.02.19 11:51:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2013.02.19 11:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe
[2013.02.19 11:51:38 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.02.19 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.02.19 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.02.19 11:50:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2013.02.19 11:50:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2013.02.19 11:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2013.02.19 11:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.02.19 11:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.02.19 11:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013.02.13 10:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
[2013.02.13 10:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Lync
[2013.02.13 10:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.02.13 10:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.02.13 10:56:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Tracing
[2013.02.13 10:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\OCSetup
[2013.02.06 07:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.31 10:49:55 | 000,000,000 | ---D | C] -- C:\OkiDriver
[2013.01.31 09:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.01.31 09:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2013.01.31 08:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013.01.31 08:04:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2013.01.31 08:04:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.31 08:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.31 08:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.31 07:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\FrameMaker7.1
[2013.01.31 07:53:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2013.01.30 07:34:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2013.01.29 15:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.01.29 15:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2013.01.29 14:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.01.29 14:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.01.29 14:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.29 14:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.01.29 14:18:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.01.29 14:18:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2013.01.29 14:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013.01.29 14:13:11 | 000,000,000 | ---D | C] -- C:\Alter_PCs
[2013.01.29 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2013.01.29 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2013.01.29 14:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.01.29 14:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.29 14:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013.01.29 14:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2013.01.29 14:07:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ICAClient
[2013.01.29 14:07:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Citrix
[2013.01.29 14:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2013.01.29 14:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ESTOS
[2013.01.29 14:06:02 | 003,306,824 | ---- | C] (ESTOS GmbH) -- C:\Windows\System32\EACUSrv.exe
[2013.01.29 14:05:57 | 000,872,448 | ---- | C] (ESTOS GmbH) -- C:\Windows\System32\edial.tsp
[2013.01.29 14:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESTOS
[2013.01.29 14:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESTOS
[2013.01.29 14:04:48 | 000,373,248 | ---- | C] (Alt-N Technologies) -- C:\Windows\System32\MDConnector32X.dll
[2013.01.29 14:04:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook Connector for MDaemon Plug-in
[2013.01.29 14:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook Connector for MDaemon Plug-in
[2013.01.29 14:04:47 | 003,024,384 | ---- | C] (Alt-N Technologies, Ltd.) -- C:\Windows\System32\MDConnector32.dll
[2013.01.29 14:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Alt-N Technologies
[2013.01.29 14:02:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2013.01.29 14:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013.01.29 13:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013.01.29 13:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.29 13:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013.01.29 13:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.01.29 13:54:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.29 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013.01.29 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013.01.29 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.01.29 13:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013.01.29 13:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013.01.29 13:52:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2013.01.29 13:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.29 13:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.29 13:51:45 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.01.29 13:30:50 | 000,090,576 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MfeOtlkAddin.dll
[2013.01.29 13:30:50 | 000,024,168 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\MFEOtlk.dll
[2013.01.29 13:30:49 | 000,009,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2013.01.29 13:29:59 | 000,167,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2013.01.29 13:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013.01.29 13:29:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\McAfee
[2013.01.29 13:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.01.29 13:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013.01.29 13:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.01.29 13:13:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2013.01.29 13:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.01.29 12:55:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2013.01.29 12:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2013.01.29 12:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
[2013.01.29 12:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2013.01.29 12:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2013.01.29 12:31:55 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.01.29 12:14:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.29 12:14:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2013.01.29 12:14:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.29 12:13:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2013.01.29 12:13:51 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2013.01.29 12:13:44 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2013.01.29 12:13:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Vorlagen
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Verlauf
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Startmenü
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Netzwerkumgebung
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Lokale Einstellungen
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Videos
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Musik
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Eigene Dateien
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Bilder
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Druckumgebung
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Anwendungsdaten
[2013.01.29 12:13:44 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Anwendungsdaten
[2013.01.29 12:13:44 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2013.01.29 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2013.01.29 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2013.01.29 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.29 11:50:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.29 11:44:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.29 11:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.29 11:41:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.29 11:41:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.20 07:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.20 07:18:48 | 000,022,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.20 07:18:48 | 000,022,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.20 07:16:11 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.20 07:16:11 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.20 07:16:11 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.20 07:16:11 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.20 07:10:33 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2013.02.20 07:10:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.20 07:10:11 | 001,125,033 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1402010.016\Cat.DB
[2013.02.20 07:10:01 | 2609,569,792 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.20 07:09:49 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1402010.016\VT20130115.021
[2013.02.19 11:51:38 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013.02.19 11:51:38 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.02.19 11:51:38 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.02.19 08:56:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.02.15 07:21:18 | 000,432,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.31 09:35:09 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.01.31 09:35:08 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.01.29 14:37:46 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.29 14:18:06 | 000,001,029 | ---- | M] () -- C:\Users\Administrator\Desktop\Notepad++.lnk
[2013.01.29 14:08:35 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.29 14:07:29 | 000,002,833 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online Plug-in.lnk
[2013.01.29 14:01:51 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5 Host.lnk
[2013.01.29 12:36:35 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.01.29 12:13:30 | 000,002,958 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.01.29 11:45:10 | 000,055,513 | ---- | M] () -- C:\Windows\System32\license.rtf
 
========== Files Created - No Company Name ==========
 
[2013.02.20 07:32:11 | 000,007,611 | ---- | C] () -- C:\Windows\System32\drivers\NST\7DD02010.021\ccsetx86.cat
[2013.02.20 07:32:11 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NST\7DD02010.021\ccsetx86.inf
[2013.02.20 07:32:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NST\7DD02010.021\isolate.ini
[2013.02.20 07:09:49 | 001,125,033 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\Cat.DB
[2013.02.20 07:09:49 | 000,014,818 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\VT20130115.021
[2013.02.19 13:28:45 | 000,007,601 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symnet.cat
[2013.02.19 13:28:45 | 000,001,440 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symnet.inf
[2013.02.19 13:28:44 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symelam.cat
[2013.02.19 13:28:44 | 000,007,611 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\ccsetx86.cat
[2013.02.19 13:28:44 | 000,007,599 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symefa.cat
[2013.02.19 13:28:44 | 000,007,597 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\srtspx.cat
[2013.02.19 13:28:44 | 000,007,593 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symds.cat
[2013.02.19 13:28:44 | 000,007,593 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\srtsp.cat
[2013.02.19 13:28:44 | 000,007,593 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\iron.cat
[2013.02.19 13:28:44 | 000,003,433 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symefa.inf
[2013.02.19 13:28:44 | 000,002,851 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symds.inf
[2013.02.19 13:28:44 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\srtsp.inf
[2013.02.19 13:28:44 | 000,001,387 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\srtspx.inf
[2013.02.19 13:28:44 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symelam.inf
[2013.02.19 13:28:44 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\ccsetx86.inf
[2013.02.19 13:28:44 | 000,000,737 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\iron.inf
[2013.02.19 13:28:16 | 000,009,103 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\symvtcer.dat
[2013.02.19 13:28:16 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1402010.016\isolate.ini
[2013.02.19 11:51:44 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\NST\7DD02000.012\ccSetx86.cat
[2013.02.19 11:51:44 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\NST\7DD02000.012\ccSetx86.inf
[2013.02.19 11:51:44 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NST\7DD02000.012\isolate.ini
[2013.02.19 11:51:38 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013.02.19 11:51:38 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013.02.19 11:51:31 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2013.02.19 08:56:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.31 09:35:09 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.01.31 09:35:08 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.01.30 07:34:23 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.29 14:37:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.29 14:37:46 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.29 14:18:06 | 000,001,029 | ---- | C] () -- C:\Users\Administrator\Desktop\Notepad++.lnk
[2013.01.29 14:08:35 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.29 14:08:35 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.29 14:07:29 | 000,002,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online Plug-in.lnk
[2013.01.29 14:01:51 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 5 Host.lnk
[2013.01.29 14:01:51 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5 Host.lnk
[2013.01.29 13:13:30 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2013.01.29 13:13:30 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2013.01.29 12:40:40 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.01.29 12:39:49 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.01.29 12:36:35 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.01.29 12:14:03 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.29 12:13:30 | 000,002,958 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.01.29 11:44:57 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.01.29 11:44:52 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.01.29 11:41:53 | 2609,569,792 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.12 03:19:24 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:19:24 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:19:24 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:19:24 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.29 14:07:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
[2013.01.29 14:18:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2013.01.29 14:02:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.01.29 14:10:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.01.31 09:04:38 | 000,000,000 | ---D | M] -- C:\Alter_PCs
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.01.29 11:50:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.01.29 13:51:45 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013.01.31 11:14:40 | 000,000,000 | ---D | M] -- C:\OkiDriver
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.19 11:51:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.19 11:50:49 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013.01.29 11:50:01 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.01.29 11:50:01 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.20 07:56:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.29 14:10:28 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.31 08:15:29 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2012.02.15 19:38:52 | 000,872,448 | ---- | M] (ESTOS GmbH) -- C:\Windows\system32\edial.tsp
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 22:29:06 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,007,436 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013.01.30 07:34:23 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.02.20 08:04:55 | 000,786,432 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2013.02.20 08:04:54 | 000,262,144 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat.LOG1
[2013.01.29 12:13:44 | 000,000,000 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat.LOG2
[2013.01.29 13:10:11 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2013.01.29 13:10:11 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2013.01.29 13:10:11 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.01.29 15:41:15 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{a1962434-6a1c-11e2-903f-002197158ff3}.TM.blf
[2013.01.29 15:41:15 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{a1962434-6a1c-11e2-903f-002197158ff3}.TMContainer00000000000000000001.regtrans-ms
[2013.01.29 15:41:15 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{a1962434-6a1c-11e2-903f-002197158ff3}.TMContainer00000000000000000002.regtrans-ms
[2013.02.14 07:28:35 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{b578b93d-766e-11e2-810f-002197158ff3}.TM.blf
[2013.02.14 07:28:35 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{b578b93d-766e-11e2-810f-002197158ff3}.TMContainer00000000000000000001.regtrans-ms
[2013.02.14 07:28:35 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{b578b93d-766e-11e2-810f-002197158ff3}.TMContainer00000000000000000002.regtrans-ms
[2013.01.29 12:13:44 | 000,000,020 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
Last edited by Galikor (20.02.2013 at 07:55)

20.02.2013, 11:31   #4
markusg
/// Malware-holic

Is my PC free of viruses and trojans?



Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Click Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

20.02.2013, 11:51   #5
Galikor

Is my PC free of viruses and trojans?



Code:
ATTFilter
12:49:40.0993 0468  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:49:41.0118 0468  ============================================================
12:49:41.0118 0468  Current date / time: 2013/02/20 12:49:41.0118
12:49:41.0118 0468  SystemInfo:
12:49:41.0118 0468  
12:49:41.0118 0468  OS Version: 6.1.7601 ServicePack: 1.0
12:49:41.0118 0468  Product type: Workstation
12:49:41.0118 0468  ComputerName: MARKETING-PC7
12:49:41.0118 0468  UserName: Administrator
12:49:41.0118 0468  Windows directory: C:\Windows
12:49:41.0118 0468  System windows directory: C:\Windows
12:49:41.0118 0468  Processor architecture: Intel x86
12:49:41.0118 0468  Number of processors: 4
12:49:41.0118 0468  Page size: 0x1000
12:49:41.0118 0468  Boot type: Normal boot
12:49:41.0118 0468  ============================================================
12:49:42.0693 0468  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:49:42.0693 0468  ============================================================
12:49:42.0693 0468  \Device\Harddisk0\DR0:
12:49:42.0693 0468  MBR partitions:
12:49:42.0693 0468  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:49:42.0693 0468  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x24CFD800
12:49:42.0693 0468  ============================================================
12:49:42.0725 0468  C: <-> \Device\Harddisk0\DR0\Partition2
12:49:42.0725 0468  ============================================================
12:49:42.0725 0468  Initialize success
12:49:42.0725 0468  ============================================================
12:50:06.0514 5920  ============================================================
12:50:06.0514 5920  Scan started
12:50:06.0514 5920  Mode: Manual; SigCheck; TDLFS; 
12:50:06.0514 5920  ============================================================
12:50:07.0169 5920  ================ Scan system memory ========================
12:50:07.0169 5920  System memory - ok
12:50:07.0169 5920  ================ Scan services =============================
12:50:07.0309 5920  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:50:07.0403 5920  1394ohci - ok
12:50:07.0450 5920  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:50:07.0465 5920  ACPI - ok
12:50:07.0497 5920  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:50:07.0575 5920  AcpiPmi - ok
12:50:07.0637 5920  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:50:07.0653 5920  AdobeARMservice - ok
12:50:07.0684 5920  [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:50:07.0699 5920  AdobeFlashPlayerUpdateSvc - ok
12:50:07.0746 5920  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:50:07.0762 5920  adp94xx - ok
12:50:07.0777 5920  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:50:07.0793 5920  adpahci - ok
12:50:07.0809 5920  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:50:07.0824 5920  adpu320 - ok
12:50:07.0855 5920  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:50:07.0933 5920  AeLookupSvc - ok
12:50:08.0058 5920  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
12:50:08.0167 5920  AFD - ok
12:50:08.0183 5920  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:50:08.0199 5920  agp440 - ok
12:50:08.0245 5920  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
12:50:08.0261 5920  aic78xx - ok
12:50:08.0292 5920  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
12:50:08.0339 5920  ALG - ok
12:50:08.0355 5920  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:50:08.0370 5920  aliide - ok
12:50:08.0386 5920  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:50:08.0401 5920  amdagp - ok
12:50:08.0417 5920  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:50:08.0433 5920  amdide - ok
12:50:08.0448 5920  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:50:08.0464 5920  AmdK8 - ok
12:50:08.0479 5920  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:50:08.0511 5920  AmdPPM - ok
12:50:08.0542 5920  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:50:08.0557 5920  amdsata - ok
12:50:08.0589 5920  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:50:08.0604 5920  amdsbs - ok
12:50:08.0620 5920  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:50:08.0635 5920  amdxata - ok
12:50:08.0651 5920  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
12:50:08.0682 5920  AppID - ok
12:50:08.0713 5920  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:50:08.0760 5920  AppIDSvc - ok
12:50:08.0776 5920  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
12:50:08.0823 5920  Appinfo - ok
12:50:08.0838 5920  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:50:08.0885 5920  AppMgmt - ok
12:50:08.0901 5920  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
12:50:08.0916 5920  arc - ok
12:50:08.0932 5920  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:50:08.0947 5920  arcsas - ok
12:50:08.0947 5920  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:50:09.0072 5920  AsyncMac - ok
12:50:09.0103 5920  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
12:50:09.0119 5920  atapi - ok
12:50:09.0135 5920  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:50:09.0197 5920  AudioEndpointBuilder - ok
12:50:09.0197 5920  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:50:09.0228 5920  Audiosrv - ok
12:50:09.0244 5920  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:50:09.0306 5920  AxInstSV - ok
12:50:09.0337 5920  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
12:50:09.0369 5920  b06bdrv - ok
12:50:09.0431 5920  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:50:09.0478 5920  b57nd60x - ok
12:50:09.0540 5920  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:50:09.0603 5920  BDESVC - ok
12:50:09.0634 5920  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:50:09.0681 5920  Beep - ok
12:50:09.0712 5920  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
12:50:09.0759 5920  BFE - ok
12:50:10.0055 5920  [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx86.sys
12:50:10.0102 5920  BHDrvx86 - ok
12:50:10.0133 5920  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
12:50:10.0180 5920  BITS - ok
12:50:10.0180 5920  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:50:10.0211 5920  blbdrive - ok
12:50:10.0242 5920  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:50:10.0273 5920  bowser - ok
12:50:10.0305 5920  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:50:10.0336 5920  BrFiltLo - ok
12:50:10.0351 5920  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:50:10.0383 5920  BrFiltUp - ok
12:50:10.0414 5920  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
12:50:10.0461 5920  Browser - ok
12:50:10.0492 5920  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:50:10.0554 5920  Brserid - ok
12:50:10.0554 5920  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:50:10.0570 5920  BrSerWdm - ok
12:50:10.0585 5920  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:50:10.0601 5920  BrUsbMdm - ok
12:50:10.0601 5920  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:50:10.0632 5920  BrUsbSer - ok
12:50:10.0632 5920  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:50:10.0648 5920  BTHMODEM - ok
12:50:10.0695 5920  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
12:50:10.0726 5920  bthserv - ok
12:50:10.0819 5920  [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_NAV       C:\Windows\system32\drivers\NAV\1402010.016\ccSetx86.sys
12:50:10.0819 5920  ccSet_NAV - ok
12:50:10.0897 5920  [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_NST       C:\Windows\system32\drivers\NST\7DD02010.021\ccSetx86.sys
12:50:10.0913 5920  ccSet_NST - ok
12:50:10.0944 5920  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:50:10.0991 5920  cdfs - ok
12:50:11.0022 5920  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:50:11.0053 5920  cdrom - ok
12:50:11.0084 5920  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:50:11.0131 5920  CertPropSvc - ok
12:50:11.0147 5920  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:50:11.0162 5920  circlass - ok
12:50:11.0178 5920  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
12:50:11.0194 5920  CLFS - ok
12:50:11.0256 5920  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:50:11.0272 5920  clr_optimization_v2.0.50727_32 - ok
12:50:11.0334 5920  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:50:11.0350 5920  clr_optimization_v4.0.30319_32 - ok
12:50:11.0381 5920  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:50:11.0396 5920  CmBatt - ok
12:50:11.0412 5920  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:50:11.0428 5920  cmdide - ok
12:50:11.0459 5920  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
12:50:11.0490 5920  CNG - ok
12:50:11.0490 5920  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:50:11.0506 5920  Compbatt - ok
12:50:11.0521 5920  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:50:11.0552 5920  CompositeBus - ok
12:50:11.0568 5920  COMSysApp - ok
12:50:11.0584 5920  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:50:11.0599 5920  crcdisk - ok
12:50:11.0646 5920  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:50:11.0693 5920  CryptSvc - ok
12:50:11.0708 5920  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
12:50:11.0755 5920  CSC - ok
12:50:11.0786 5920  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
12:50:11.0833 5920  CscService - ok
12:50:11.0880 5920  [ A1998B05CDB931DEB5C653DE13D56E13 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
12:50:11.0896 5920  ctxusbm - ok
12:50:11.0927 5920  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:50:11.0974 5920  DcomLaunch - ok
12:50:12.0020 5920  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:50:12.0067 5920  defragsvc - ok
12:50:12.0098 5920  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:50:12.0130 5920  DfsC - ok
12:50:12.0161 5920  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:50:12.0223 5920  Dhcp - ok
12:50:12.0223 5920  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
12:50:12.0270 5920  discache - ok
12:50:12.0301 5920  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
12:50:12.0317 5920  Disk - ok
12:50:12.0332 5920  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
12:50:12.0379 5920  dmvsc - ok
12:50:12.0395 5920  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:50:12.0426 5920  Dnscache - ok
12:50:12.0457 5920  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:50:12.0488 5920  dot3svc - ok
12:50:12.0504 5920  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
12:50:12.0551 5920  DPS - ok
12:50:12.0566 5920  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:50:12.0582 5920  drmkaud - ok
12:50:12.0613 5920  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:50:12.0644 5920  DXGKrnl - ok
12:50:12.0738 5920  [ 0B97B5DC841953432A4B88ECBC1A1C4D ] EACUSrv         C:\Windows\system32\EACUSrv.exe
12:50:12.0816 5920  EACUSrv - ok
12:50:12.0847 5920  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
12:50:12.0894 5920  EapHost - ok
12:50:13.0019 5920  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
12:50:13.0097 5920  ebdrv - ok
12:50:13.0144 5920  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:50:13.0502 5920  eeCtrl - ok
12:50:13.0534 5920  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
12:50:13.0565 5920  EFS - ok
12:50:13.0627 5920  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:50:13.0674 5920  ehRecvr - ok
12:50:13.0674 5920  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
12:50:13.0705 5920  ehSched - ok
12:50:13.0736 5920  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:50:13.0768 5920  elxstor - ok
12:50:13.0814 5920  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:50:13.0877 5920  EraserUtilRebootDrv - ok
12:50:13.0892 5920  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:50:13.0908 5920  ErrDev - ok
12:50:13.0955 5920  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
12:50:14.0017 5920  EventSystem - ok
12:50:14.0033 5920  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
12:50:14.0064 5920  exfat - ok
12:50:14.0080 5920  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:50:14.0126 5920  fastfat - ok
12:50:14.0173 5920  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
12:50:14.0220 5920  Fax - ok
12:50:14.0236 5920  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
12:50:14.0251 5920  fdc - ok
12:50:14.0267 5920  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
12:50:14.0298 5920  fdPHost - ok
12:50:14.0298 5920  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
12:50:14.0329 5920  FDResPub - ok
12:50:14.0360 5920  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:50:14.0376 5920  FileInfo - ok
12:50:14.0376 5920  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:50:14.0423 5920  Filetrace - ok
12:50:14.0423 5920  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:50:14.0438 5920  flpydisk - ok
12:50:14.0454 5920  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:50:14.0470 5920  FltMgr - ok
12:50:14.0501 5920  [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache       C:\Windows\system32\FntCache.dll
12:50:14.0548 5920  FontCache - ok
12:50:14.0594 5920  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:50:14.0610 5920  FontCache3.0.0.0 - ok
12:50:14.0626 5920  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:50:14.0641 5920  FsDepends - ok
12:50:14.0672 5920  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:50:14.0688 5920  Fs_Rec - ok
12:50:14.0704 5920  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:50:14.0735 5920  fvevol - ok
12:50:14.0750 5920  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:50:14.0766 5920  gagp30kx - ok
12:50:14.0797 5920  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:50:14.0844 5920  gpsvc - ok
12:50:14.0860 5920  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:50:14.0891 5920  hcw85cir - ok
12:50:14.0922 5920  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:50:14.0953 5920  HdAudAddService - ok
12:50:15.0016 5920  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:50:15.0047 5920  HDAudBus - ok
12:50:15.0062 5920  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:50:15.0094 5920  HidBatt - ok
12:50:15.0109 5920  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:50:15.0140 5920  HidBth - ok
12:50:15.0156 5920  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:50:15.0172 5920  HidIr - ok
12:50:15.0203 5920  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
12:50:15.0250 5920  hidserv - ok
12:50:15.0281 5920  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:50:15.0312 5920  HidUsb - ok
12:50:15.0328 5920  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:50:15.0359 5920  hkmsvc - ok
12:50:15.0390 5920  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:50:15.0468 5920  HomeGroupListener - ok
12:50:15.0484 5920  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:50:15.0530 5920  HomeGroupProvider - ok
12:50:15.0546 5920  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:50:15.0562 5920  HpSAMD - ok
12:50:15.0593 5920  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:50:15.0624 5920  HTTP - ok
12:50:15.0640 5920  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:50:15.0655 5920  hwpolicy - ok
12:50:15.0671 5920  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:50:15.0702 5920  i8042prt - ok
12:50:15.0749 5920  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:50:15.0764 5920  iaStorV - ok
12:50:15.0811 5920  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:50:15.0842 5920  idsvc - ok
12:50:16.0014 5920  [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130216.001\IDSvix86.sys
12:50:16.0030 5920  IDSVix86 - ok
12:50:16.0154 5920  [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
12:50:16.0404 5920  igfx - ok
12:50:16.0435 5920  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:50:16.0451 5920  iirsp - ok
12:50:16.0498 5920  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:50:16.0560 5920  IKEEXT - ok
12:50:16.0560 5920  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:50:16.0576 5920  intelide - ok
12:50:16.0591 5920  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:50:16.0607 5920  intelppm - ok
12:50:16.0622 5920  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:50:16.0654 5920  IPBusEnum - ok
12:50:16.0669 5920  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:50:16.0700 5920  IpFilterDriver - ok
12:50:16.0747 5920  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:50:16.0794 5920  iphlpsvc - ok
12:50:16.0810 5920  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:50:16.0825 5920  IPMIDRV - ok
12:50:16.0856 5920  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:50:16.0903 5920  IPNAT - ok
12:50:16.0919 5920  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:50:16.0950 5920  IRENUM - ok
12:50:16.0965 5920  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:50:16.0981 5920  isapnp - ok
12:50:16.0997 5920  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:50:17.0028 5920  iScsiPrt - ok
12:50:17.0028 5920  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:50:17.0043 5920  kbdclass - ok
12:50:17.0075 5920  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:50:17.0090 5920  kbdhid - ok
12:50:17.0106 5920  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
12:50:17.0121 5920  KeyIso - ok
12:50:17.0153 5920  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:50:17.0168 5920  KSecDD - ok
12:50:17.0168 5920  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:50:17.0184 5920  KSecPkg - ok
12:50:17.0215 5920  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:50:17.0246 5920  KtmRm - ok
12:50:17.0277 5920  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:50:17.0324 5920  LanmanServer - ok
12:50:17.0371 5920  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:50:17.0402 5920  LanmanWorkstation - ok
12:50:17.0449 5920  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:50:17.0496 5920  lltdio - ok
12:50:17.0511 5920  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:50:17.0543 5920  lltdsvc - ok
12:50:17.0558 5920  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:50:17.0605 5920  lmhosts - ok
12:50:17.0621 5920  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:50:17.0636 5920  LSI_FC - ok
12:50:17.0652 5920  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:50:17.0667 5920  LSI_SAS - ok
12:50:17.0683 5920  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:50:17.0714 5920  LSI_SAS2 - ok
12:50:17.0714 5920  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:50:17.0745 5920  LSI_SCSI - ok
12:50:17.0761 5920  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
12:50:17.0792 5920  luafv - ok
12:50:17.0839 5920  [ AFAD61262CC1A36E8B089DE9A1A54060 ] McAfee SiteAdvisor Enterprise Service C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
12:50:17.0855 5920  McAfee SiteAdvisor Enterprise Service - ok
12:50:17.0901 5920  [ 1BC80196637B64D019D433DDABEE675B ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
12:50:17.0933 5920  McShield - ok
12:50:17.0948 5920  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:50:17.0964 5920  Mcx2Svc - ok
12:50:18.0011 5920  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:50:18.0026 5920  megasas - ok
12:50:18.0026 5920  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:50:18.0042 5920  MegaSR - ok
12:50:18.0073 5920  [ F86FA6BC8BF8FFBE36C55F65EB2D0EC5 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
12:50:18.0089 5920  mfeapfk - ok
12:50:18.0120 5920  [ 7FEFCE58BB67B1176CB8581907011094 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
12:50:18.0135 5920  mfeavfk - ok
12:50:18.0151 5920  mfeavfk01 - ok
12:50:18.0167 5920  [ B08B78E675929F6B17F5307957762A5A ] mfebopk         C:\Windows\system32\drivers\mfebopk.sys
12:50:18.0182 5920  mfebopk - ok
12:50:18.0229 5920  [ BE3990ED559C79D5205EF54D65E5F59B ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
12:50:18.0245 5920  mfefire - ok
12:50:18.0291 5920  [ 3BC20DDA41BECC82680FB41372F03925 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
12:50:18.0323 5920  mfefirek - ok
12:50:18.0354 5920  [ DAFEFAA7C7402A2E335755B531E3F542 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
12:50:18.0369 5920  mfehidk - ok
12:50:18.0401 5920  [ 75D2D96C8BC2045B471FC488BD207D35 ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
12:50:18.0416 5920  mferkdet - ok
12:50:18.0432 5920  [ 9CBE04C2A231DE7BC483F49E1414CFA6 ] mfevtp          C:\Windows\system32\mfevtps.exe
12:50:18.0510 5920  mfevtp - ok
12:50:18.0525 5920  [ 86C1DB118379166CA93B194F44AF59D9 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
12:50:18.0541 5920  mfewfpk - ok
12:50:18.0588 5920  Microsoft SharePoint Workspace Audit Service - ok
12:50:18.0603 5920  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
12:50:18.0635 5920  MMCSS - ok
12:50:18.0666 5920  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
12:50:18.0697 5920  Modem - ok
12:50:18.0713 5920  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:50:18.0744 5920  monitor - ok
12:50:18.0759 5920  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:50:18.0775 5920  mouclass - ok
12:50:18.0775 5920  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:50:18.0806 5920  mouhid - ok
12:50:18.0822 5920  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:50:18.0837 5920  mountmgr - ok
12:50:18.0869 5920  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:50:18.0962 5920  MozillaMaintenance - ok
12:50:18.0978 5920  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:50:18.0993 5920  mpio - ok
12:50:18.0993 5920  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:50:19.0025 5920  mpsdrv - ok
12:50:19.0056 5920  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:50:19.0118 5920  MpsSvc - ok
12:50:19.0134 5920  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:50:19.0181 5920  MRxDAV - ok
12:50:19.0212 5920  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:50:19.0243 5920  mrxsmb - ok
12:50:19.0259 5920  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:50:19.0290 5920  mrxsmb10 - ok
12:50:19.0290 5920  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:50:19.0321 5920  mrxsmb20 - ok
12:50:19.0337 5920  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
12:50:19.0352 5920  msahci - ok
12:50:19.0352 5920  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:50:19.0368 5920  msdsm - ok
12:50:19.0399 5920  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
12:50:19.0446 5920  MSDTC - ok
12:50:19.0446 5920  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:50:19.0477 5920  Msfs - ok
12:50:19.0493 5920  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:50:19.0524 5920  mshidkmdf - ok
12:50:19.0539 5920  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:50:19.0555 5920  msisadrv - ok
12:50:19.0586 5920  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:50:19.0633 5920  MSiSCSI - ok
12:50:19.0633 5920  msiserver - ok
12:50:19.0664 5920  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:50:19.0680 5920  MSKSSRV - ok
12:50:19.0758 5920  [ E3F9EBFD64DEE48EE9E99949E312D883 ] msoidsvc        C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
12:50:19.0789 5920  msoidsvc - ok
12:50:19.0805 5920  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:50:19.0836 5920  MSPCLOCK - ok
12:50:19.0867 5920  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:50:19.0914 5920  MSPQM - ok
12:50:19.0929 5920  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:50:19.0945 5920  MsRPC - ok
12:50:19.0945 5920  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:50:19.0961 5920  mssmbios - ok
12:50:19.0976 5920  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:50:20.0007 5920  MSTEE - ok
12:50:20.0023 5920  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:50:20.0054 5920  MTConfig - ok
12:50:20.0054 5920  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:50:20.0070 5920  Mup - ok
12:50:20.0148 5920  [ 7B99727A78036C43D3F50D6952E0B70B ] myAgtSvc        C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
12:50:20.0163 5920  myAgtSvc - ok
12:50:20.0195 5920  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
12:50:20.0241 5920  napagent - ok
12:50:20.0273 5920  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:50:20.0319 5920  NativeWifiP - ok
12:50:20.0491 5920  [ 4BA84C832E0741A294C4444556DFE993 ] NAV             C:\Program Files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe
12:50:20.0507 5920  NAV - ok
12:50:20.0585 5920  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130218.025\NAVENG.SYS
12:50:20.0600 5920  NAVENG - ok
12:50:20.0647 5920  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20130218.025\NAVEX15.SYS
12:50:20.0694 5920  NAVEX15 - ok
12:50:20.0787 5920  [ 4BA84C832E0741A294C4444556DFE993 ] NCO             C:\Program Files\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe
12:50:20.0803 5920  NCO - ok
12:50:20.0834 5920  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:50:20.0865 5920  NDIS - ok
12:50:20.0897 5920  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:50:20.0943 5920  NdisCap - ok
12:50:21.0053 5920  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:50:21.0099 5920  NdisTapi - ok
12:50:21.0115 5920  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:50:21.0146 5920  Ndisuio - ok
12:50:21.0146 5920  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:50:21.0177 5920  NdisWan - ok
12:50:21.0193 5920  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:50:21.0224 5920  NDProxy - ok
12:50:21.0240 5920  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:50:21.0271 5920  NetBIOS - ok
12:50:21.0287 5920  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:50:21.0333 5920  NetBT - ok
12:50:21.0349 5920  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
12:50:21.0365 5920  Netlogon - ok
12:50:21.0396 5920  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
12:50:21.0427 5920  Netman - ok
12:50:21.0443 5920  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
12:50:21.0489 5920  netprofm - ok
12:50:21.0505 5920  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:50:21.0521 5920  NetTcpPortSharing - ok
12:50:21.0552 5920  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:50:21.0567 5920  nfrd960 - ok
12:50:21.0583 5920  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:50:21.0599 5920  NlaSvc - ok
12:50:21.0614 5920  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:50:21.0630 5920  Npfs - ok
12:50:21.0661 5920  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
12:50:21.0692 5920  nsi - ok
12:50:21.0692 5920  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:50:21.0739 5920  nsiproxy - ok
12:50:21.0786 5920  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:50:21.0817 5920  Ntfs - ok
12:50:21.0848 5920  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
12:50:21.0879 5920  Null - ok
12:50:21.0911 5920  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:50:21.0926 5920  nvraid - ok
12:50:21.0942 5920  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:50:21.0957 5920  nvstor - ok
12:50:21.0973 5920  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:50:21.0989 5920  nv_agp - ok
12:50:22.0004 5920  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:50:22.0020 5920  ohci1394 - ok
12:50:22.0051 5920  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:50:22.0067 5920  ose - ok
12:50:22.0191 5920  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:50:22.0269 5920  osppsvc - ok
12:50:22.0301 5920  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:50:22.0347 5920  p2pimsvc - ok
12:50:22.0363 5920  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:50:22.0394 5920  p2psvc - ok
12:50:22.0441 5920  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:50:22.0457 5920  Parport - ok
12:50:22.0488 5920  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:50:22.0503 5920  partmgr - ok
12:50:22.0503 5920  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
12:50:22.0519 5920  Parvdm - ok
12:50:22.0550 5920  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:50:22.0566 5920  PcaSvc - ok
12:50:22.0581 5920  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
12:50:22.0597 5920  pci - ok
12:50:22.0613 5920  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
12:50:22.0628 5920  pciide - ok
12:50:22.0644 5920  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:50:22.0659 5920  pcmcia - ok
12:50:22.0659 5920  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
12:50:22.0675 5920  pcw - ok
12:50:22.0722 5920  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:50:22.0769 5920  PEAUTH - ok
12:50:22.0800 5920  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:50:22.0862 5920  PeerDistSvc - ok
12:50:22.0909 5920  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
12:50:22.0971 5920  pla - ok
12:50:23.0018 5920  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:50:23.0065 5920  PlugPlay - ok
12:50:23.0096 5920  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:50:23.0112 5920  PNRPAutoReg - ok
12:50:23.0143 5920  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:50:23.0159 5920  PNRPsvc - ok
12:50:23.0205 5920  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:50:23.0236 5920  PolicyAgent - ok
12:50:23.0268 5920  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
12:50:23.0299 5920  Power - ok
12:50:23.0330 5920  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:50:23.0377 5920  PptpMiniport - ok
12:50:23.0392 5920  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
12:50:23.0408 5920  Processor - ok
12:50:23.0424 5920  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
12:50:23.0470 5920  ProfSvc - ok
12:50:23.0486 5920  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:50:23.0502 5920  ProtectedStorage - ok
12:50:23.0517 5920  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:50:23.0548 5920  Psched - ok
12:50:23.0595 5920  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:50:23.0626 5920  ql2300 - ok
12:50:23.0642 5920  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:50:23.0658 5920  ql40xx - ok
12:50:23.0689 5920  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
12:50:23.0720 5920  QWAVE - ok
12:50:23.0720 5920  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:50:23.0736 5920  QWAVEdrv - ok
12:50:23.0751 5920  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:50:23.0782 5920  RasAcd - ok
12:50:23.0814 5920  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:50:23.0845 5920  RasAgileVpn - ok
12:50:23.0860 5920  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
12:50:23.0892 5920  RasAuto - ok
12:50:23.0907 5920  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:50:23.0938 5920  Rasl2tp - ok
12:50:23.0985 5920  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
12:50:24.0032 5920  RasMan - ok
12:50:24.0048 5920  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:50:24.0079 5920  RasPppoe - ok
12:50:24.0094 5920  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:50:24.0141 5920  RasSstp - ok
12:50:24.0157 5920  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:50:24.0188 5920  rdbss - ok
12:50:24.0204 5920  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:50:24.0219 5920  rdpbus - ok
12:50:24.0235 5920  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:50:24.0266 5920  RDPCDD - ok
12:50:24.0266 5920  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:50:24.0313 5920  RDPDR - ok
12:50:24.0313 5920  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:50:24.0344 5920  RDPENCDD - ok
12:50:24.0375 5920  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:50:24.0422 5920  RDPREFMP - ok
12:50:24.0438 5920  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:50:24.0469 5920  RDPWD - ok
12:50:24.0500 5920  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:50:24.0516 5920  rdyboost - ok
12:50:24.0531 5920  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:50:24.0562 5920  RemoteAccess - ok
12:50:24.0594 5920  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:50:24.0625 5920  RemoteRegistry - ok
12:50:24.0625 5920  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:50:24.0672 5920  RpcEptMapper - ok
12:50:24.0687 5920  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
12:50:24.0703 5920  RpcLocator - ok
12:50:24.0734 5920  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
12:50:24.0765 5920  RpcSs - ok
12:50:24.0781 5920  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:50:24.0843 5920  rspndr - ok
12:50:24.0874 5920  [ 7B99727A78036C43D3F50D6952E0B70B ] RumorServer     C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
12:50:24.0890 5920  RumorServer - ok
12:50:24.0906 5920  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:50:24.0937 5920  s3cap - ok
12:50:24.0952 5920  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
12:50:24.0968 5920  SamSs - ok
12:50:24.0999 5920  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:50:25.0030 5920  sbp2port - ok
12:50:25.0062 5920  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:50:25.0093 5920  SCardSvr - ok
12:50:25.0108 5920  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:50:25.0155 5920  scfilter - ok
12:50:25.0186 5920  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
12:50:25.0233 5920  Schedule - ok
12:50:25.0249 5920  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:50:25.0280 5920  SCPolicySvc - ok
12:50:25.0296 5920  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:50:25.0327 5920  SDRSVC - ok
12:50:25.0358 5920  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:50:25.0467 5920  secdrv - ok
12:50:25.0498 5920  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
12:50:25.0576 5920  seclogon - ok
12:50:25.0623 5920  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
12:50:25.0654 5920  SENS - ok
12:50:25.0670 5920  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:50:25.0701 5920  SensrSvc - ok
12:50:25.0717 5920  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:50:25.0748 5920  Serenum - ok
12:50:25.0748 5920  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:50:25.0779 5920  Serial - ok
12:50:25.0795 5920  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:50:25.0810 5920  sermouse - ok
12:50:25.0842 5920  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:50:25.0873 5920  SessionEnv - ok
12:50:25.0888 5920  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:50:25.0920 5920  sffdisk - ok
12:50:25.0935 5920  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:50:25.0951 5920  sffp_mmc - ok
12:50:25.0966 5920  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:50:26.0013 5920  sffp_sd - ok
12:50:26.0013 5920  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:50:26.0044 5920  sfloppy - ok
12:50:26.0060 5920  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:50:26.0107 5920  SharedAccess - ok
12:50:26.0122 5920  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:50:26.0169 5920  ShellHWDetection - ok
12:50:26.0200 5920  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:50:26.0216 5920  sisagp - ok
12:50:26.0232 5920  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:50:26.0247 5920  SiSRaid2 - ok
12:50:26.0247 5920  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:50:26.0263 5920  SiSRaid4 - ok
12:50:26.0278 5920  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:50:26.0325 5920  Smb - ok
12:50:26.0356 5920  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:50:26.0372 5920  SNMPTRAP - ok
12:50:26.0388 5920  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:50:26.0403 5920  spldr - ok
12:50:26.0434 5920  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
12:50:26.0481 5920  Spooler - ok
12:50:26.0559 5920  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
12:50:26.0637 5920  sppsvc - ok
12:50:26.0653 5920  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:50:26.0700 5920  sppuinotify - ok
12:50:26.0778 5920  [ 26C1B59C80FEF94B025DF5C3C1B791A7 ] SRTSP           C:\Windows\System32\Drivers\NAV\1402010.016\SRTSP.SYS
12:50:26.0809 5920  SRTSP - ok
12:50:26.0856 5920  [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX          C:\Windows\system32\drivers\NAV\1402010.016\SRTSPX.SYS
12:50:26.0871 5920  SRTSPX - ok
12:50:26.0902 5920  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:50:26.0934 5920  srv - ok
12:50:26.0965 5920  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:50:27.0012 5920  srv2 - ok
12:50:27.0027 5920  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:50:27.0043 5920  srvnet - ok
12:50:27.0074 5920  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:50:27.0105 5920  SSDPSRV - ok
12:50:27.0121 5920  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:50:27.0152 5920  SstpSvc - ok
12:50:27.0168 5920  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:50:27.0183 5920  stexstor - ok
12:50:27.0214 5920  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:50:27.0246 5920  StiSvc - ok
12:50:27.0261 5920  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:50:27.0277 5920  storflt - ok
12:50:27.0308 5920  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
12:50:27.0324 5920  StorSvc - ok
12:50:27.0339 5920  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:50:27.0355 5920  storvsc - ok
12:50:27.0370 5920  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:50:27.0386 5920  swenum - ok
12:50:27.0402 5920  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
12:50:27.0448 5920  swprv - ok
12:50:27.0495 5920  [ FB69A67FEEE3026C7F99774A1C405326 ] SymDS           C:\Windows\system32\drivers\NAV\1402010.016\SYMDS.SYS
12:50:27.0511 5920  SymDS - ok
12:50:27.0542 5920  [ 28C5FAFA7FD1C522B8DCD59694D39412 ] SymEFA          C:\Windows\system32\drivers\NAV\1402010.016\SYMEFA.SYS
12:50:27.0573 5920  SymEFA - ok
12:50:27.0620 5920  [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
12:50:27.0636 5920  SymEvent - ok
12:50:27.0667 5920  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON         C:\Windows\system32\drivers\NAV\1402010.016\Ironx86.SYS
12:50:27.0682 5920  SymIRON - ok
12:50:27.0682 5920  [ 21698476A90ACAA056B8CFE09A82785F ] SymNetS         C:\Windows\System32\Drivers\NAV\1402010.016\SYMNETS.SYS
12:50:27.0698 5920  SymNetS - ok
12:50:27.0838 5920  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
12:50:27.0870 5920  SysMain - ok
12:50:27.0870 5920  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:50:27.0901 5920  TabletInputService - ok
12:50:27.0916 5920  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:50:27.0948 5920  TapiSrv - ok
12:50:27.0994 5920  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
12:50:28.0057 5920  TBS - ok
12:50:28.0088 5920  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:50:28.0135 5920  Tcpip - ok
12:50:28.0150 5920  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:50:28.0182 5920  TCPIP6 - ok
12:50:28.0213 5920  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:50:28.0244 5920  tcpipreg - ok
12:50:28.0275 5920  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:50:28.0291 5920  TDPIPE - ok
12:50:28.0322 5920  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:50:28.0338 5920  TDTCP - ok
12:50:28.0338 5920  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:50:28.0369 5920  tdx - ok
12:50:28.0447 5920  [ A6D294D9F7E2104EE50C5EFA309286C7 ] TeamViewer5     C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
12:50:28.0494 5920  TeamViewer5 - ok
12:50:28.0509 5920  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:50:28.0525 5920  TermDD - ok
12:50:28.0540 5920  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
12:50:28.0587 5920  TermService - ok
12:50:28.0587 5920  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
12:50:28.0618 5920  Themes - ok
12:50:28.0634 5920  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
12:50:28.0665 5920  THREADORDER - ok
12:50:28.0681 5920  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
12:50:28.0728 5920  TrkWks - ok
12:50:28.0759 5920  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:50:28.0806 5920  TrustedInstaller - ok
12:50:28.0821 5920  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:50:28.0852 5920  tssecsrv - ok
12:50:28.0868 5920  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:50:28.0899 5920  TsUsbFlt - ok
12:50:28.0915 5920  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:50:28.0946 5920  TsUsbGD - ok
12:50:28.0962 5920  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:50:28.0993 5920  tunnel - ok
12:50:29.0008 5920  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:50:29.0024 5920  uagp35 - ok
12:50:29.0040 5920  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:50:29.0071 5920  udfs - ok
12:50:29.0102 5920  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:50:29.0118 5920  UI0Detect - ok
12:50:29.0133 5920  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:50:29.0149 5920  uliagpkx - ok
12:50:29.0164 5920  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:50:29.0180 5920  umbus - ok
12:50:29.0196 5920  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:50:29.0211 5920  UmPass - ok
12:50:29.0227 5920  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:50:29.0258 5920  UmRdpService - ok
12:50:29.0289 5920  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
12:50:29.0336 5920  upnphost - ok
12:50:29.0352 5920  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
12:50:29.0383 5920  usbccgp - ok
12:50:29.0398 5920  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:50:29.0414 5920  usbcir - ok
12:50:29.0429 5920  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:50:29.0461 5920  usbehci - ok
12:50:29.0476 5920  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:50:29.0492 5920  usbhub - ok
12:50:29.0554 5920  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:50:29.0585 5920  usbohci - ok
12:50:29.0710 5920  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:50:29.0741 5920  usbprint - ok
12:50:29.0773 5920  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:50:29.0835 5920  USBSTOR - ok
12:50:29.0851 5920  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:50:29.0882 5920  usbuhci - ok
12:50:29.0897 5920  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
12:50:29.0944 5920  UxSms - ok
12:50:29.0960 5920  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
12:50:29.0975 5920  VaultSvc - ok
12:50:30.0022 5920  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:50:30.0038 5920  vdrvroot - ok
12:50:30.0053 5920  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
12:50:30.0100 5920  vds - ok
12:50:30.0131 5920  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:50:30.0147 5920  vga - ok
12:50:30.0194 5920  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:50:30.0225 5920  VgaSave - ok
12:50:30.0303 5920  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:50:30.0334 5920  vhdmp - ok
12:50:30.0350 5920  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:50:30.0365 5920  viaagp - ok
12:50:30.0381 5920  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
12:50:30.0397 5920  ViaC7 - ok
12:50:30.0412 5920  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
12:50:30.0428 5920  viaide - ok
12:50:30.0443 5920  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:50:30.0459 5920  vmbus - ok
12:50:30.0475 5920  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:50:30.0506 5920  VMBusHID - ok
12:50:30.0506 5920  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:50:30.0521 5920  volmgr - ok
12:50:30.0553 5920  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:50:30.0568 5920  volmgrx - ok
12:50:30.0568 5920  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:50:30.0599 5920  volsnap - ok
12:50:30.0615 5920  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:50:30.0631 5920  vsmraid - ok
12:50:30.0677 5920  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
12:50:30.0724 5920  VSS - ok
12:50:30.0724 5920  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:50:30.0755 5920  vwifibus - ok
12:50:30.0755 5920  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
12:50:30.0787 5920  W32Time - ok
12:50:30.0818 5920  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:50:30.0849 5920  WacomPen - ok
12:50:30.0865 5920  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:50:30.0896 5920  WANARP - ok
12:50:30.0896 5920  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:50:30.0927 5920  Wanarpv6 - ok
12:50:30.0974 5920  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
12:50:31.0036 5920  wbengine - ok
12:50:31.0036 5920  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:50:31.0067 5920  WbioSrvc - ok
12:50:31.0083 5920  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:50:31.0114 5920  wcncsvc - ok
12:50:31.0130 5920  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:50:31.0161 5920  WcsPlugInService - ok
12:50:31.0177 5920  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
12:50:31.0192 5920  Wd - ok
12:50:31.0223 5920  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:50:31.0270 5920  Wdf01000 - ok
12:50:31.0286 5920  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:50:31.0333 5920  WdiServiceHost - ok
12:50:31.0348 5920  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:50:31.0364 5920  WdiSystemHost - ok
12:50:31.0379 5920  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
12:50:31.0411 5920  WebClient - ok
12:50:31.0426 5920  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:50:31.0457 5920  Wecsvc - ok
12:50:31.0473 5920  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:50:31.0504 5920  wercplsupport - ok
12:50:31.0520 5920  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:50:31.0551 5920  WerSvc - ok
12:50:31.0582 5920  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:50:31.0598 5920  WfpLwf - ok
12:50:31.0629 5920  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:50:31.0645 5920  WIMMount - ok
12:50:31.0691 5920  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:50:31.0723 5920  WinDefend - ok
12:50:31.0723 5920  WinHttpAutoProxySvc - ok
12:50:31.0769 5920  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:50:31.0816 5920  Winmgmt - ok
12:50:31.0863 5920  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
12:50:31.0910 5920  WinRM - ok
12:50:31.0941 5920  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:50:32.0019 5920  Wlansvc - ok
12:50:32.0050 5920  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:50:32.0066 5920  WmiAcpi - ok
12:50:32.0097 5920  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:50:32.0113 5920  wmiApSrv - ok
12:50:32.0175 5920  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:50:32.0222 5920  WMPNetworkSvc - ok
12:50:32.0253 5920  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:50:32.0284 5920  WPCSvc - ok
12:50:32.0300 5920  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:50:32.0347 5920  WPDBusEnum - ok
12:50:32.0378 5920  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:50:32.0409 5920  ws2ifsl - ok
12:50:32.0440 5920  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:50:32.0456 5920  wscsvc - ok
12:50:32.0456 5920  WSearch - ok
12:50:32.0534 5920  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
12:50:32.0581 5920  wuauserv - ok
12:50:32.0612 5920  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:50:32.0627 5920  WudfPf - ok
12:50:32.0643 5920  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:50:32.0674 5920  WUDFRd - ok
12:50:32.0705 5920  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:50:32.0721 5920  wudfsvc - ok
12:50:32.0752 5920  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:50:32.0799 5920  WwanSvc - ok
12:50:32.0830 5920  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
12:50:32.0846 5920  yukonw7 - ok
12:50:32.0846 5920  ================ Scan global ===============================
12:50:32.0877 5920  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:50:32.0893 5920  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:50:32.0908 5920  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:50:32.0924 5920  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:50:32.0939 5920  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:50:32.0955 5920  [Global] - ok
12:50:32.0955 5920  ================ Scan MBR ==================================
12:50:32.0955 5920  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:50:33.0251 5920  \Device\Harddisk0\DR0 - ok
12:50:33.0251 5920  ================ Scan VBR ==================================
12:50:33.0251 5920  [ B68D336008DB03F181039E403DEC3DF1 ] \Device\Harddisk0\DR0\Partition1
12:50:33.0251 5920  \Device\Harddisk0\DR0\Partition1 - ok
12:50:33.0283 5920  [ EC6A7314B5D26B97938CF72A9FAE976E ] \Device\Harddisk0\DR0\Partition2
12:50:33.0283 5920  \Device\Harddisk0\DR0\Partition2 - ok
12:50:33.0283 5920  ============================================================
12:50:33.0283 5920  Scan finished
12:50:33.0283 5920  ============================================================
12:50:33.0298 2732  Detected object count: 0
12:50:33.0298 2732  Actual detected object count: 0
         
Clean?


20.02.2013, 12:39   #6
markusg
/// Malware-holic
 

Hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know about it.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


20.02.2013, 13:42   #7
Galikor
 

Code:
ComboFix 13-02-18.02 - Administrator 20.02.2013  14:04:38.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3318.2162 [GMT 1:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: McAfee® Security-as-a-Service *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: McAfee® Security-as-a-Service *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee® Security-as-a-Service *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-20 bis 2013-02-20  ))))))))))))))))))))))))))))))
.
.
2013-02-20 13:10 . 2013-02-20 13:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-19 10:51 . 2013-02-20 09:47	--------	d-----w-	c:\windows\system32\drivers\NST
2013-02-19 10:51 . 2013-02-19 10:51	--------	d-----w-	c:\program files\Norton Identity Safe
2013-02-19 10:51 . 2013-02-19 11:32	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2013-02-19 10:51 . 2013-02-19 10:51	142496	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2013-02-19 10:51 . 2013-02-19 10:51	--------	d-----w-	c:\program files\Symantec
2013-02-19 10:50 . 2013-02-20 06:11	--------	d-----w-	c:\windows\system32\drivers\NAV
2013-02-19 10:50 . 2013-02-19 10:50	--------	d-----w-	c:\program files\Norton AntiVirus
2013-02-19 10:50 . 2013-02-19 10:52	--------	d-----w-	c:\programdata\Norton
2013-02-19 10:47 . 2013-02-19 10:51	--------	d-----w-	c:\program files\NortonInstaller
2013-02-14 06:27 . 2013-01-04 03:00	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 06:27 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-14 06:27 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 06:27 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 06:27 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 06:27 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-02-13 09:58 . 2013-02-13 09:58	--------	d-----w-	c:\program files\Microsoft Lync
2013-02-13 09:57 . 2013-02-14 15:06	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-02-13 09:56 . 2013-02-13 09:56	--------	d-----w-	c:\program files\OCSetup
2013-01-31 09:49 . 2013-01-31 10:14	--------	d-----w-	C:\OkiDriver
2013-01-31 08:34 . 2013-01-31 08:35	--------	d-----w-	c:\program files\PDF24
2013-01-31 06:58 . 2013-01-31 07:15	--------	d-----w-	c:\program files\FrameMaker7.1
2013-01-31 06:58 . 1998-10-29 14:45	306688	----a-w-	c:\windows\IsUninst.exe
2013-01-30 06:34 . 2013-02-14 06:29	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 06:34 . 2013-02-14 06:29	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-30 06:34 . 2013-01-30 06:34	--------	d-----w-	c:\windows\system32\Macromed
2013-01-29 14:41 . 2013-01-29 14:41	--------	d-----w-	c:\program files\FileZilla FTP Client
2013-01-29 13:54 . 2013-01-29 13:54	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2013-01-29 13:37 . 2013-01-31 07:15	--------	d-----w-	c:\program files\Common Files\Adobe
2013-01-29 13:33 . 2011-03-25 02:58	284672	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-01-29 13:33 . 2011-03-25 02:57	43008	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-01-29 13:33 . 2011-03-25 02:58	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-01-29 13:33 . 2011-03-25 02:58	75776	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-01-29 13:33 . 2011-03-25 02:57	20480	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-01-29 13:33 . 2011-03-25 02:57	24064	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-01-29 13:33 . 2011-03-25 02:57	5888	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-01-29 13:32 . 2011-03-11 05:39	148864	----a-w-	c:\windows\system32\drivers\storport.sys
2013-01-29 13:32 . 2011-03-11 05:38	332160	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2013-01-29 13:32 . 2011-03-11 05:33	1699328	----a-w-	c:\windows\system32\esent.dll
2013-01-29 13:32 . 2011-03-11 05:31	74240	----a-w-	c:\windows\system32\fsutil.exe
2013-01-29 13:32 . 2011-03-11 05:39	143744	----a-w-	c:\windows\system32\drivers\nvstor.sys
2013-01-29 13:32 . 2011-03-11 05:39	117120	----a-w-	c:\windows\system32\drivers\nvraid.sys
2013-01-29 13:32 . 2011-03-11 05:38	80256	----a-w-	c:\windows\system32\drivers\amdsata.sys
2013-01-29 13:32 . 2011-03-11 05:38	22400	----a-w-	c:\windows\system32\drivers\amdxata.sys
2013-01-29 13:18 . 2013-01-29 13:18	--------	d-----w-	c:\program files\Notepad++
2013-01-29 13:13 . 2013-01-31 08:04	--------	d-----w-	C:\Alter_PCs
2013-01-29 13:10 . 2013-02-13 09:58	--------	d-----w-	c:\users\Simetz
2013-01-29 13:08 . 2013-02-07 06:17	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2013-01-29 13:07 . 2013-01-29 13:07	--------	d-----w-	c:\programdata\Citrix
2013-01-29 13:06 . 2013-01-29 13:06	--------	d-----w-	c:\program files\Citrix
2013-01-29 13:06 . 2013-01-29 13:06	--------	d-----w-	c:\programdata\ESTOS
2013-01-29 13:06 . 2012-02-15 18:46	3306824	----a-w-	c:\windows\system32\EACUSrv.exe
2013-01-29 13:05 . 2012-02-15 18:38	872448	----a-w-	c:\windows\system32\edial.tsp
2013-01-29 13:05 . 2013-01-29 13:05	--------	d-----w-	c:\program files\ESTOS
2013-01-29 13:04 . 2012-09-04 10:00	373248	----a-w-	c:\windows\system32\MDConnector32X.dll
2013-01-29 13:04 . 2013-01-29 13:04	--------	d-----w-	c:\program files\Alt-N Technologies
2013-01-29 13:04 . 2012-09-04 10:00	3024384	----a-w-	c:\windows\system32\MDConnector32.dll
2013-01-29 13:01 . 2013-01-29 13:01	--------	d-----w-	c:\program files\TeamViewer
2013-01-29 12:54 . 2013-01-29 12:54	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2013-01-29 12:54 . 2013-01-29 14:51	--------	d-----w-	c:\program files\Microsoft.NET
2013-01-29 12:54 . 2013-01-29 12:54	--------	d-----w-	c:\windows\PCHEALTH
2013-01-29 12:54 . 2013-01-29 12:54	--------	d-----w-	c:\program files\Microsoft Sync Framework
2013-01-29 12:54 . 2013-01-29 12:54	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2013-01-29 12:53 . 2013-01-29 12:53	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2013-01-29 12:52 . 2013-01-29 12:52	--------	d-----w-	c:\program files\Microsoft Analysis Services
2013-01-29 12:51 . 2013-02-14 15:10	--------	d-----w-	c:\programdata\Microsoft Help
2013-01-29 12:51 . 2013-01-29 12:51	--------	d-----r-	C:\MSOCache
2013-01-29 12:30 . 2012-10-29 07:43	90576	----a-w-	c:\windows\system32\MfeOtlkAddin.dll
2013-01-29 12:30 . 2012-10-29 07:42	24168	----a-w-	c:\windows\system32\MFEOtlk.dll
2013-01-29 12:30 . 2012-10-29 07:43	9648	----a-w-	c:\windows\system32\drivers\mfeclnk.sys
2013-01-29 12:29 . 2012-10-29 07:44	167344	----a-w-	c:\windows\system32\mfevtps.exe
2013-01-29 12:29 . 2013-01-29 12:31	--------	d-----w-	c:\program files\Common Files\McAfee
2013-01-29 12:28 . 2013-01-29 14:04	--------	d-----w-	c:\program files\McAfee
2013-01-29 12:27 . 2013-01-29 12:31	--------	d-----w-	c:\programdata\McAfee
2013-01-29 12:13 . 2013-01-29 12:13	--------	d-----w-	c:\windows\system32\Lang
2013-01-29 12:13 . 2009-09-23 10:50	398336	----a-w-	c:\windows\system32\TVWizudlg.exe
2013-01-29 12:13 . 2009-09-23 10:49	140288	----a-w-	c:\windows\system32\igfxtvcx.dll
2013-01-29 12:13 . 2013-01-29 12:13	--------	d-----w-	c:\program files\Intel
2013-01-29 12:10 . 2013-01-29 12:10	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-01-29 12:01 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2013-01-29 12:01 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-01-29 12:01 . 2010-09-30 06:47	70656	----a-w-	c:\windows\system32\fontsub.dll
2013-01-29 11:55 . 2013-01-29 11:55	--------	d-----w-	c:\windows\system32\x64
2013-01-29 11:55 . 2009-09-23 18:30	1002008	----a-w-	c:\windows\system32\igxpun.exe
2013-01-29 11:43 . 2013-01-29 11:43	--------	d-----w-	c:\programdata\Corel
2013-01-29 11:40 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-01-29 11:40 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-01-29 11:40 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-01-29 11:39 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2013-01-29 11:39 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-01-29 11:39 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2013-01-29 11:39 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-01-29 11:39 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-01-29 11:39 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-01-29 11:39 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-01-29 11:39 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-01-29 11:39 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2013-01-29 11:39 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2013-01-29 11:36 . 2013-01-29 11:36	63488	----a-w-	c:\windows\system32\tdc.ocx
2013-01-29 11:34 . 2013-01-29 11:34	--------	d-----w-	c:\program files\Corel
2013-01-29 11:32 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2013-01-29 11:31 . 2013-02-14 15:10	--------	d-sh--w-	c:\windows\Installer
2013-01-29 11:27 . 2012-03-31 04:30	1221632	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-01-29 11:23 . 2012-11-09 04:42	2048	----a-w-	c:\windows\system32\tzres.dll
2013-01-29 11:19 . 2011-02-03 05:54	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-01-29 11:16 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2013-01-29 11:16 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2013-01-29 11:16 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2013-01-29 11:16 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2013-01-29 11:16 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2013-01-29 11:16 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2013-01-29 11:16 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2013-01-29 11:15 . 2012-06-02 14:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2013-01-29 11:15 . 2012-06-02 14:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2013-01-29 11:13 . 2013-02-14 06:28	--------	d-----w-	c:\users\Administrator
2013-01-29 11:10 . 2013-01-15 01:49	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB6AEAFE-1798-46DF-8EE6-9B78C806352B}\mpengine.dll
2013-01-29 10:41 . 2013-01-29 10:50	--------	d-----w-	c:\windows\Panther
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 10:00 . 2010-07-20 04:09	18160	----a-w-	c:\programdata\Microsoft\MSOIdentityCRL\production\msoidconfig.dll
2013-02-06 06:33 . 2013-02-06 06:33	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2012-11-13 480872]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ECtiClient"="c:\program files\ESTOS\ProCall 3\eCtiClient.exe" [2012-02-15 19199304]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-09-28 12105344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"InstHwApi"="c:\program files\McAfee\Managed VirusScan\Agent\myInx.exe" [2012-11-13 345704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Online Plug-in.lnk - c:\windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2013-1-29 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1402010.016\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1402010.016\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx86.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1402010.016\ccSetx86.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD02010.021\ccSetx86.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20130216.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1402010.016\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1402010.016\SYMNETS.SYS [x]
S2 EACUSrv;ESTOS Automatic Client Update;c:\windows\system32\EACUSrv.exe [x]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [x]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe [x]
S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe [x]
S2 RumorServer;McAfee Peer Distribution Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-30 06:29]
.
.
------- Zusätzlicher Suchlauf -------
.
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
TCP: Interfaces\{D4127E74-D69B-4768-A57C-2C38E49B03CF}: NameServer = 172.19.176.11,172.19.180.144
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lrbs5bjn.default\
FF - ExtSQL: 2013-01-29 13:38; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files\Common Files\McAfee\SystemCore
FF - ExtSQL: 2013-02-19 12:03; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn
FF - ExtSQL: 2013-02-20 13:55; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.2.1.33\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,3b,1b,58,a1,a1,
   14,eb,e9,22,02,94,51,12,2a,bf,8b,a4,7b
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,39,f6,7e,
   ab,89,f2,68,03,ab,0f,6f,90,e8,4b,cc,e0
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,3b,1b,b0,ca,a8,
   67,7e,21,17,07,ac,86,20,49,f1,5d,16,2e
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e9,
   ae,1e,5d,37,00,a0,29,01,f3,01,cf,46,e0
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:2f,46,13,1f,1a,fe,cd,01
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,fe,33,ed,cc,b5,c9,40,af,96,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,fe,33,ed,cc,b5,c9,40,af,96,b7,\
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1838014601-1213019159-336170196-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-20  14:13:32
ComboFix-quarantined-files.txt  2013-02-20 13:13
.
Vor Suchlauf: 7 Verzeichnis(se), 276.012.171.264 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 276.256.591.872 Bytes frei
.
- - End Of File - - FF9A9E7D79087BF8F20049EDE4469C13
         

20.02.2013, 16:19   #8
markusg
/// Malware-holic

Looks good.
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure all detections are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

21.02.2013, 11:17   #9
Galikor

Nothing again.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
**:: ** [limitiert]

21.02.2013 12:09:55
mbam-log-2013-02-21 (12-09-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 153724
Laufzeit: 6 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

21.02.2013, 14:02   #10
markusg
/// Malware-holic

That is how it should be in the ideal case.
Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), uninstall list, save as txt. Open it.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After those unknown to you, "unknown".
Post the list.

01.03.2013, 07:04   #11
Galikor

CCleaner Piriform 25.02.2013 3.28 -> needed
Citrix Online Plug-in Citrix Systems, Inc. 29.01.2013 12.3.0.8 -> needed
CorelDRAW(R) Graphics Suite X4 Corel Corporation 29.01.2013 -> needed
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension Corel Corporation 29.01.2013 2,93 MB -> needed
ESTOS ProCall ESTOS 29.01.2013 54,5 MB 3.0.3.989 -> needed
FileZilla Client 3.6.0.2 FileZilla Project 29.01.2013 17,1 MB 3.6.0.2 -> needed
Intel(R) Graphics Media Accelerator Driver Intel Corporation 29.01.2013 54,2 MB 8.15.10.1930 -> needed
Intel(R) TV Wizard Intel Corporation 29.01.2013 -> needed
KeePass Password Safe 2.21 Dominik Reichl 21.02.2013 6,37 MB -> needed
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 21.02.2013 18,4 MB 1.70.0.1100 -> no longer needed
McAfee Browser Protection Service McAfee, Inc. 29.01.2013 6.0.0.339 -> needed
McAfee Firewall Protection Service McAfee, Inc. 29.01.2013 6.0.0.339 -> needed
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 29.01.2013 38,8 MB 4.0.30319 -> needed
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 29.01.2013 2,93 MB 4.0.30319 -> needed
Microsoft Lync 2010 Microsoft Corporation 13.02.2013 74,1 MB 4.0.7577.4356 -> needed
Microsoft Office Professional Plus 2010 Microsoft Corporation 29.01.2013 14.0.6029.1000 -> needed
Microsoft Online Services-Anmelde-Assistent Microsoft Corporation 13.02.2013 3,75 MB 7.250.4122.0 -> needed
Microsoft Silverlight Microsoft Corporation 14.02.2013 40,4 MB 4.1.10329.0 -> needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.02.2013 588 KB 9.0.30729.4148 -> needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14.02.2013 600 KB 9.0.30729.6161 -> needed
Mozilla Firefox 19.0 (x86 de) Mozilla 27.02.2013 44,4 MB 19.0 -> needed
Mozilla Maintenance Service Mozilla 27.02.2013 330 KB 19.0 -> needed
Notepad++ 29.01.2013 6.2.3 -> needed
Outlook Connector for MDaemon Plug-in Alt-N Technologies. Ltd. 29.01.2013 2.3.0 -> needed
PDF24 Creator 5.2.0 PDF24.org 31.01.2013 41,4 MB -> needed
TeamViewer 5 Host TeamViewer GmbH 29.01.2013 5.1.16947 -> needed
WinRAR 4.20 (32-Bit) win.rar GmbH 31.01.2013 4.20.0 -> needed

01.03.2013, 12:55   #12
markusg
/// Malware-holic

Looks incomplete; for example, it only starts at "c".

07.03.2013, 06:29   #13
Galikor

Oops, when copying it did not pick up the Adobe stuff...

Adobe Acrobat 9 Standard - English, Français, Deutsch Adobe Systems 25.02.2013 9.0.0
Adobe AIR Adobe Systems Inc. 21.02.2013 1.5.3.9120
Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 21.02.2013 2,42 MB 10.1.52.14
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.02.2013 6,00 MB 11.6.602.171
Adobe Media Player Adobe Systems Incorporated 21.02.2013 1.8

08.03.2013, 19:43   #14
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Security (Enhanced)
Tick "Enhanced Security"
and select all files.
Internet:
Everything here should be disabled; it is very insecure to open or download PDFs automatically, etc.
It is always better to save them directly, since only then do you have control over what happens on the PC.
Under JavaScript, untick the "use JavaScript" box.
Under Updater, choose automatic installation.
Apply / OK

Uninstall:
TeamViewer: I would only install it when needed; if it absolutely has to be on there, upgrade to version 8.

Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).