Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bitcoin Miner c:\windows\logs\logonui.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.11.2014, 11:53   #1
buchinet
 
Bitcoin Miner c:\windows\logs\logonui.exe - Standard

Bitcoin Miner c:\windows\logs\logonui.exe



hallo

ich habe folgendes problem.
es sind 3x windows 2008 r2 server betroffen.
system läuft extrem zäh. -> im Taskmanager LogonUI.exe verwendet alle systemresourcen.. diese logonui liegt unter c:\windows\logs\logonui.exe.
laut Sophos ist es Adware/PUA 'Bitcoin Miner'

wie werde ich das ding wieder los?
sophos schafft es nicht, das ding dauerhaft zu entfernen.
wenn ich es manuell lösche, taucht die datei nach einem systemneustart wieder auf.
die einzige provisorische möglichkeit die zurzeit besteht das problem zu umgehen ist, die betroffenen logonui.exe zu löschen, und mit einer leeren txt datei welche auf logonui.exe umbenannt wurde zu ersetzten.

aber das ist ja nicht die lösung des problems.
habe heute nacht die desinfect 2014 drüber laufen lassen. findet nur die logonui.exe. und kann es auch nicht dauerhaft entfernen.

hat jemand eine idee, wie man das gute stück dauerhaft los wird?
bin über jeden rat dankbar.

Alt 18.11.2014, 12:24   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Bitcoin Miner c:\windows\logs\logonui.exe - Standard

Bitcoin Miner c:\windows\logs\logonui.exe



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 18.11.2014, 13:14   #3
buchinet
 
Bitcoin Miner c:\windows\logs\logonui.exe - Standard

Bitcoin Miner c:\windows\logs\logonui.exe



hier die 2 files je server.

FRST (SERVER109) - hier ist die LogonUI.exe zurzeit aktiv und belastet das System

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Administrator (administrator) on KORBK001LKO on 18-11-2014 12:45:07
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator & WMI Mapper & WbemConsumer (Available profiles: BUAdmin & Administrator & WMI Mapper & WbemConsumer)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\bedbg.exe
(Hewlett-Packard Company) C:\Program Files\HP\Cissesrv\cissesrv.exe
(Hewlett-Packard Company) C:\HP\hpsmh\data\cgi-bin\vcagent\vcagent.exe
(HP) C:\Windows\AppCompat\hpagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apache Software Foundation) C:\Program Files (x86)\HP\RS\BIN\hprsmain.exe
(Hewlett-Packard Company) C:\Program Files\HPWBEM\Storage\Service\hpwmistor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.BKUPEXEC\MSSQL\Binn\sqlservr.exe
() C:\Windows\Logs\LogonUI.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\CM\radexecd.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\CM\radsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\CM\Radstgms.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Hewlett-Packard Company) C:\HP\hpsmh\bin\smhstart.exe
() C:\Program Files (x86)\The Open Group\WMI Mapper\bin\wbemcons.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\HP\hpsmh\bin\hpsmhd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\svctools\common\wccproxy\share\WCCProxy.exe
() C:\Program Files (x86)\The Open Group\WMI Mapper\bin\WMIServer.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
(Hewlett-Packard Company) C:\Windows\System32\CPQNiMgt\cpqnimgt.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgserv\cqmgserv.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgstor\cqmgstor.exe
(Hewlett-Packard Company) C:\HP\hpsmh\bin\rotatelogs.exe
(Apache Software Foundation) C:\Program Files (x86)\HP\RS\BIN\hprsreceivers.exe
(Hewlett-Packard Company) C:\HP\hpsmh\bin\rotatelogs.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beremote.exe
(Hewlett-Packard Company) C:\HP\hpsmh\bin\hpsmhd.exe
(Hewlett-Packard Company) C:\HP\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\HP\hpsmh\bin\rotatelogs.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beserver.exe
(Hewlett Packard) C:\Program Files (x86)\HP\RS\SNMP_TRAP_LISTENER_WIN32\BIN\HPTL4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(Oracle Corporation) C:\Program Files (x86)\HP\RS\jre\bin\java.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmghost\cqmghost.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\benetns.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\bengine.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\BackupExecManagementService.exe
(Oracle Corporation) C:\Program Files (x86)\HP\RS\jre\bin\java.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(Oracle Corporation) C:\Program Files (x86)\HP\RS\jre\bin\java.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(Oracle Corporation) C:\Program Files (x86)\HP\RS\jre\bin\java.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(Oracle Corporation) C:\Program Files (x86)\HP\RS\jre\bin\java.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\svctools\common\wccproxy\share\CAAgents.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\postgres.exe
(Hewlett-Packard Company) C:\Program Files\HP\NCU\cpqteam.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\vxmon_full.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIModeChange] => C:\Windows\system32\Ati2mdxx.exe [35840 2009-06-24] (ATI Technologies, Inc.)
HKLM\...\Run: [CPQTEAM] => C:\Program Files\HP\NCU\cpqteam.exe [40448 2013-12-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-10-14] (Sophos Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X]
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-382396471-1622426277-1176889423-500\...\Run: [VxBeMon] => C:\Program Files\Symantec\Backup Exec\vxmon_full.exe [1033552 2014-05-13] (Symantec Corporation)
HKU\S-1-5-21-382396471-1622426277-1176889423-500\...\MountPoints2: {610a10a9-532e-11e1-ac26-2c768aa986c0} - E:\Browser.exe
HKU\S-1-5-21-382396471-1622426277-1176889423-500\...\MountPoints2: {dc52d17b-6c16-11e1-b603-2c768aa986c0} - E:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)
Lsa: [Notification Packages] scecli rassfm

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-382396471-1622426277-1176889423-500] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-382396471-1622426277-1176889423-500] => 10.246.140.120:8080
HKU\S-1-5-21-382396471-1622426277-1176889423-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
HKU\S-1-5-21-382396471-1622426277-1176889423-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKU\S-1-5-21-382396471-1622426277-1176889423-500 -> DefaultScope {E5177A9E-690F-4191-B91C-610D60BF9879} URL = hxxp://www.google.at/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-382396471-1622426277-1176889423-500 -> {E5177A9E-690F-4191-B91C-610D60BF9879} URL = hxxp://www.google.at/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: hpapp - No CLSID Value
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Tcpip\..\Interfaces\{4E597226-A632-4E41-8C8A-941942EC3FE8}: [NameServer] 10.250.0.90,10.1.5.142
Tcpip\..\Interfaces\{C5EBC68D-2D6A-423D-9A03-5F68D76AB208}: [NameServer] 10.250.0.90,10.1.5.142

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll (VMware, Inc.)

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\beremote.exe [2440016 2014-05-13] (Symantec Corporation)
R2 BackupExecAgentBrowser; C:\Program Files\Symantec\Backup Exec\benetns.exe [505680 2014-05-13] (Symantec Corporation)
R2 BackupExecDeviceMediaService; C:\Program Files\Symantec\Backup Exec\pvlsvr.exe [2336080 2014-05-13] (Symantec Corporation)
R2 BackupExecJobEngine; C:\Program Files\Symantec\Backup Exec\bengine.exe [15550288 2014-05-13] (Symantec Corporation)
R2 BackupExecManagementService; C:\Program Files\Symantec\Backup Exec\BackupExecManagementService.exe [262992 2014-05-13] (Symantec Corporation)
R2 BackupExecRPCService; C:\Program Files\Symantec\Backup Exec\beserver.exe [10968400 2014-05-13] (Symantec Corporation)
R2 bedbg; C:\Program Files\Symantec\Backup Exec\bedbg.exe [660304 2014-05-13] (Symantec Corporation)
S4 CIMnotify; C:\Windows\system32\CIMntfy\cimntfy.exe [266128 2014-01-09] (Hewlett-Packard Company)
R2 Cissesrv; C:\Program Files\HP\Cissesrv\cissesrv.exe [194048 2013-07-29] (Hewlett-Packard Company) [File not signed]
R2 CpqNicMgmt; C:\Windows\system32\CPQNiMgt\cpqnimgt.exe [16384 2013-12-17] (Hewlett-Packard Company) [File not signed]
R2 cpqvcagent; C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe [1390080 2012-09-13] (Hewlett-Packard Company) [File not signed]
R2 CqLMgServs; C:\Windows\AppCompat\hpagent.exe [4764160 2014-06-19] (HP) [File not signed]
R2 CqMgHost; C:\Windows\system32\CpqMgmt\cqmghost\cqmghost.exe [15760 2014-01-09] (Hewlett-Packard Company)
R2 CqMgServ; C:\Windows\system32\CpqMgmt\cqmgserv\cqmgserv.exe [15760 2014-01-09] (Hewlett-Packard Company)
R2 CqMgStor; C:\Windows\system32\CpqMgmt\cqmgstor\cqmgstor.exe [20992 2013-11-05] (Hewlett-Packard Company) [File not signed]
S4 DESTA_Service; C:\Program Files (x86)\HP\svctools\common\share\DESTAService.exe [133632 2011-11-11] () [File not signed]
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 HPRSMAIN; C:\Program Files (x86)\HP\RS\BIN\hprsmain.exe [74240 2014-04-18] (Apache Software Foundation) [File not signed]
R2 HPRSRECEIVERS; C:\Program Files (x86)\HP\RS\BIN\hprsreceivers.exe [74240 2014-04-18] (Apache Software Foundation) [File not signed]
R2 HPWMISTOR; C:\Program Files\HPWBEM\Storage\Service\HPWMISTOR.exe [20992 2013-12-12] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3114464 2012-05-18] (Symantec Corporation)
R2 MSSQL$BKUPEXEC; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.BKUPEXEC\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
R2 ProLiantMonitor; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [262424 2013-05-29] (Hewlett-Packard Company)
R2 radexecd; C:\Program Files (x86)\HP\CM\radexecd.exe [300776 2011-12-05] (Hewlett-Packard)
R2 radsched; C:\Program Files (x86)\HP\CM\radsched.exe [190184 2011-12-05] (Hewlett-Packard)
R2 Radstgms; C:\Program Files (x86)\HP\CM\Radstgms.exe [333544 2011-12-05] (Hewlett-Packard)
S4 RSClient; C:\Program Files (x86)\HP\RemoteSupport\bin\clientmanager.exe [5214208 2011-08-09] (Hewlett-Packard Company) [File not signed]
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-10-14] (Sophos Limited)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2012-09-17] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-10-14] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2012-09-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-10-14] (Sophos Limited)
S4 SQLAgent$BKUPEXEC; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.BKUPEXEC\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3262248 2014-10-14] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-10-14] (Sophos Limited)
S3 SWM-SIMcontext; C:\Program Files (x86)\HP\CM\RSSWM\SWM-SIM\SWM-SIMcontext.exe [28672 2010-06-01] () [File not signed]
R2 sysdown; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [262424 2013-05-29] (Hewlett-Packard Company)
R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [736256 2013-12-06] (Hewlett-Packard Company) [File not signed]
S4 UnifiedCollector; C:\Program Files (x86)\HP\UnifiedCollector\bin\uc.exe [1142784 2011-08-23] (Hewlett-Packard Company) [File not signed]
R2 WbemConsumer; C:\Program Files (x86)\The Open Group\WMI Mapper\bin\WbemCons.exe [73728 2014-04-10] () [File not signed]
R2 WCCProxy; C:\Program Files (x86)\HP\svctools\common\wccproxy\share\WCCProxy.exe [36352 2011-06-10] (Hewlett-Packard Company) [File not signed]
R2 WMI Mapper; C:\Program Files (x86)\The Open Group\WMI Mapper\bin\WMIServer.exe [45056 2014-04-10] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2210816 2009-06-24] (ATI Technologies Inc.)
S3 CPQTeam; C:\Windows\System32\DRIVERS\cpqteam.sys [256512 2013-12-11] (Hewlett-Packard Company)
R3 CPQTeamMP; C:\Windows\System32\DRIVERS\cpqteam.sys [256512 2013-12-11] (Hewlett-Packard Company)
R1 halfinchVRTS; C:\Windows\System32\DRIVERS\halfinch.sys [57392 2008-01-23] (Symantec Corporation)
R0 HpCISSs2; C:\Windows\System32\DRIVERS\HpCISSs2.sys [169872 2013-10-28] (Hewlett-Packard Company)
S3 hplto; C:\Windows\System32\DRIVERS\hplto.sys [19456 2013-07-08] (Hewlett-Packard)
R3 hpqilo3chif; C:\Windows\System32\DRIVERS\hpqilo3chif.sys [43920 2013-11-23] (Hewlett-Packard Company)
R3 hpqilo3core; C:\Windows\System32\DRIVERS\hpqilo3core.sys [47384 2013-05-22] (Hewlett-Packard Company)
R0 hpqilo3whea; C:\Windows\System32\DRIVERS\hpqilo3whea.sys [18472 2010-02-12] (Hewlett-Packard Company)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R3 l2nd; C:\Windows\System32\DRIVERS\bxnd60a.sys [131280 2013-12-18] (Broadcom Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
R1 SCSIChanger; C:\Windows\System32\DRIVERS\scsichng.sys [28208 2007-08-23] (Symantec Corporation)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
U5 Tape; C:\Windows\System32\Drivers\Tape.sys [29184 2009-07-14] (Microsoft Corporation)
R3 tpfilter; C:\Windows\System32\DRIVERS\tpfilter.sys [45872 2014-01-28] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-14] ()
R0 VirtFile; C:\Windows\System32\DRIVERS\VirtFile.sys [117552 2014-01-29] (Symantec Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40392 2012-07-25] (Microsoft Corporation)
S3 CQDETECT; \SystemRoot\system32\drivers\cqdetect.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 12:45 - 2014-11-18 12:45 - 00022051 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-11-18 12:44 - 2014-11-18 12:45 - 00000000 ____D () C:\FRST
2014-11-18 12:44 - 2014-11-18 12:28 - 02117120 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-11-18 11:45 - 2014-11-18 12:45 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\2
2014-11-18 11:22 - 2014-11-18 11:22 - 00000000 ____D () C:\Windows\ERUNT
2014-11-18 11:12 - 2014-11-18 11:13 - 00000000 ____D () C:\AdwCleaner
2014-11-18 11:12 - 2014-11-18 10:17 - 02140160 _____ () C:\Users\Administrator\Desktop\AdwCleaner_4.101.exe
2014-11-18 10:22 - 2014-11-18 10:06 - 00688992 _____ (Swearware) C:\Users\Administrator\Desktop\dds.exe
2014-11-18 09:25 - 2014-11-18 09:24 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\Administrator\Desktop\autoruns.exe
2014-11-18 09:24 - 2014-11-18 09:24 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\Administrator\Desktop\procexp.exe
2014-11-18 09:24 - 2014-11-18 09:24 - 01188194 _____ () C:\Users\Administrator\Downloads\ProcessExplorer.zip
2014-11-18 09:24 - 2014-11-18 09:24 - 00511633 _____ () C:\Users\Administrator\Downloads\Autoruns.zip
2014-11-18 09:24 - 2014-11-18 09:24 - 00000000 ____D () C:\Users\Administrator\Downloads\ProcessExplorer
2014-11-18 09:24 - 2014-11-18 09:24 - 00000000 ____D () C:\Users\Administrator\Downloads\Autoruns
2014-11-18 08:54 - 2014-11-18 08:54 - 00000000 ____D () C:\logsvirus
2014-11-17 13:09 - 2014-11-17 13:09 - 00000000 ____D () C:\.Trash-999
2014-11-15 05:31 - 2014-11-15 05:31 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{A290875C-2DC8-4A26-90D5-048CF28BC58B}.asrpnp.tmp.xml
2014-11-15 03:52 - 2014-11-15 03:52 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{E27A9709-5A64-4896-9821-46ACD572DB0A}.asrpnp.tmp.xml
2014-11-15 00:49 - 2014-11-15 00:49 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{D2B79D8B-0388-4AFF-A08F-7C42A593A9DE}.asrpnp.tmp.xml
2014-11-14 09:30 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 09:27 - 2014-11-14 09:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\7zE784C.tmp
2014-11-14 09:27 - 2014-11-14 09:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\7zE21C3.tmp
2014-11-14 09:27 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\mrt.exe
2014-11-14 09:27 - 2014-10-31 23:22 - 00091328 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\mrtstub.exe
2014-11-14 09:22 - 2014-11-14 09:23 - 32507072 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.18.exe
2014-11-14 08:35 - 2014-11-14 08:35 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-14 08:35 - 2014-11-14 08:35 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-14 08:35 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
2014-11-14 08:29 - 2014-11-14 08:29 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\vuxbo.sys
2014-11-14 08:12 - 2014-11-14 08:12 - 730157598 _____ () C:\Windows\MEMORY.DMP
2014-11-14 08:12 - 2014-11-14 08:12 - 00274968 _____ () C:\Windows\Minidump\111414-20498-01.dmp
2014-11-14 08:12 - 2014-11-14 08:12 - 00000000 ____D () C:\Windows\Minidump
2014-11-14 08:07 - 2014-11-14 08:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-14 08:07 - 2014-11-14 08:07 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-14 04:41 - 2014-11-14 04:41 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{E0AA6E95-50B7-43FB-AF34-AA3A13F5BFD6}.asrpnp.tmp.xml
2014-11-14 03:10 - 2014-11-14 03:10 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{7E70F2F2-D473-4853-B928-FFC0F81B35D1}.asrpnp.tmp.xml
2014-11-14 00:36 - 2014-11-14 00:36 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{1B29E24A-6B8F-45F5-993B-2A10FE8285CA}.asrpnp.tmp.xml
2014-11-13 05:22 - 2014-11-13 05:22 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{697FEB7C-29AE-4832-9A28-680D555E5B41}.asrpnp.tmp.xml
2014-11-13 03:40 - 2014-11-13 03:40 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{E4D1E9B1-8893-4071-A344-C6DC2F25DAF9}.asrpnp.tmp.xml
2014-11-13 00:49 - 2014-11-13 00:49 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{70DE52E5-D704-47F5-93DC-20C92B2636FE}.asrpnp.tmp.xml
2014-11-12 05:24 - 2014-11-12 05:24 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{AB7D3596-52A5-465F-97B1-3D150332780E}.asrpnp.tmp.xml
2014-11-12 03:38 - 2014-11-12 03:38 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{9C42E090-E7FA-4E3C-A45A-B1E6BDF83256}.asrpnp.tmp.xml
2014-11-12 00:48 - 2014-11-12 00:48 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{2C71C55A-537F-4381-B67D-A7778112E415}.asrpnp.tmp.xml
2014-11-11 05:21 - 2014-11-11 05:21 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{DDF0321D-2F9D-4FB1-8B9A-D4D253DE6CDF}.asrpnp.tmp.xml
2014-11-11 03:37 - 2014-11-11 03:37 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{B4C6F8F6-EDD9-4669-B67A-D97C3BC645CB}.asrpnp.tmp.xml
2014-11-11 00:48 - 2014-11-11 00:48 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{48ACFDBA-A354-4F80-9459-95A33A5B7169}.asrpnp.tmp.xml
2014-11-10 19:31 - 2014-11-10 19:31 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\-1947333913
2014-11-10 19:25 - 2014-11-10 19:26 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\-1947654167
2014-11-10 19:20 - 2014-11-10 19:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\-1947974406
2014-11-08 05:20 - 2014-11-08 05:20 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{3168CB17-00DB-40D4-8F81-228D377E5DEB}.asrpnp.tmp.xml
2014-11-08 03:36 - 2014-11-08 03:36 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{61320454-32D4-43DA-A3FC-A974111A1204}.asrpnp.tmp.xml
2014-11-08 00:48 - 2014-11-08 00:48 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{573E9CCE-46D8-4EB4-B9ED-E170181C82EB}.asrpnp.tmp.xml
2014-11-07 07:16 - 2014-11-07 07:16 - 00004426 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-07 07:16 - 2014-11-07 07:16 - 00000024 _____ () C:\Users\Administrator\AppData\Local\Temp\RDD7D8.tmp
2014-11-07 07:16 - 2014-11-07 07:16 - 00000000 _____ () C:\Users\Administrator\AppData\Local\Temp\RD3073.tmp
2014-11-07 07:16 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-07 07:16 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-07 07:16 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-07 07:16 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-07 05:22 - 2014-11-07 05:22 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{B7B27D10-EF12-48C7-9547-5B1D08E08CB8}.asrpnp.tmp.xml
2014-11-07 03:38 - 2014-11-07 03:38 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{7AC002CD-6E04-470D-96F9-5CC277CBA9AE}.asrpnp.tmp.xml
2014-11-07 00:49 - 2014-11-07 00:49 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{9FCA1238-A899-481A-92D2-CB10101B0240}.asrpnp.tmp.xml
2014-11-06 05:17 - 2014-11-06 05:17 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{D621DC06-3D5A-4F82-84D4-5913C535AF74}.asrpnp.tmp.xml
2014-11-06 03:35 - 2014-11-06 03:35 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{96E9B1AE-7452-4C94-AC44-380ED7AA79B2}.asrpnp.tmp.xml
2014-11-06 00:48 - 2014-11-06 00:48 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{80294486-69BC-4AEC-955F-5114E5F92870}.asrpnp.tmp.xml
2014-11-05 05:21 - 2014-11-05 05:21 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{E79952C9-C738-49C8-ABB6-CD9FD50088FF}.asrpnp.tmp.xml
2014-11-05 03:35 - 2014-11-05 03:35 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{89917734-16A1-4FE5-BF36-DE9BB4F5FF59}.asrpnp.tmp.xml
2014-11-05 00:48 - 2014-11-05 00:48 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{407C1A8F-AC19-459F-AB3F-56731D7792B8}.asrpnp.tmp.xml
2014-11-04 05:28 - 2014-11-04 05:28 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{5983825A-5C73-451C-A95C-D8C728DF3E2A}.asrpnp.tmp.xml
2014-11-04 03:41 - 2014-11-04 03:41 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{C4F87997-240B-41DB-84D4-81253B0CD6B4}.asrpnp.tmp.xml
2014-11-04 00:54 - 2014-11-04 00:54 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{128DB700-4ADB-4288-A255-48226B445B1D}.asrpnp.tmp.xml
2014-11-01 05:19 - 2014-11-01 05:19 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{5B3BC4EE-A793-4BCF-90F8-025520F30554}.asrpnp.tmp.xml
2014-11-01 03:38 - 2014-11-01 03:38 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{B1E49D71-BCF8-4C5C-8D19-EAF58EDD6CA1}.asrpnp.tmp.xml
2014-11-01 00:52 - 2014-11-01 00:52 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{EC5C79EA-001F-48E6-B195-F46D60FF4DC7}.asrpnp.tmp.xml
2014-10-31 05:28 - 2014-10-31 05:28 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{5A3D3EF5-C8F7-4864-AE28-D776C3DD8D4B}.asrpnp.tmp.xml
2014-10-31 03:44 - 2014-10-31 03:44 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{115BB4B7-29C6-4D2A-8839-B6949A5A2936}.asrpnp.tmp.xml
2014-10-31 00:55 - 2014-10-31 00:55 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{92F0D346-4A9D-463B-B565-DCB86FB0A0AD}.asrpnp.tmp.xml
2014-10-30 05:35 - 2014-10-30 05:35 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{914F6B0D-4DF7-45EF-9FB0-174DB1BAAB58}.asrpnp.tmp.xml
2014-10-30 03:49 - 2014-10-30 03:49 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{11AFC538-4E53-4C29-9388-30D8AC89FF65}.asrpnp.tmp.xml
2014-10-30 01:00 - 2014-10-30 01:00 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{F2A0668B-62DB-4923-AA0A-33CDED609A63}.asrpnp.tmp.xml
2014-10-29 05:37 - 2014-10-29 05:37 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{EA891578-9C75-4AFF-AB76-3700B7F1BC73}.asrpnp.tmp.xml
2014-10-29 03:55 - 2014-10-29 03:55 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{ED6048FA-8885-4281-9C0A-A31C971BACCE}.asrpnp.tmp.xml
2014-10-29 03:08 - 2014-10-29 03:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\1251949363
2014-10-29 03:03 - 2014-10-29 03:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\1251629124
2014-10-29 02:58 - 2014-10-29 02:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\1251308886
2014-10-29 02:52 - 2014-10-29 02:53 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\1250988647
2014-10-29 01:08 - 2014-10-29 01:08 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{857F179D-8A76-49B7-BC61-08E97413699E}.asrpnp.tmp.xml
2014-10-29 00:07 - 2014-10-29 00:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\1241066453
2014-10-29 00:02 - 2014-10-29 00:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\1240746214
2014-10-28 23:16 - 2014-10-28 23:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\1238025135
2014-10-25 18:50 - 2014-10-25 18:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\962832601
2014-10-25 04:43 - 2014-10-25 04:43 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{30050441-3607-43D0-8161-1693FCBDBCB2}.asrpnp.tmp.xml
2014-10-25 03:03 - 2014-10-25 03:03 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{C9A08A4E-364F-4405-9141-ACB5D2A43EC6}.asrpnp.tmp.xml
2014-10-25 00:09 - 2014-10-25 00:09 - 00000004 _____ () C:\Users\Administrator\AppData\Local\Temp\{772A315F-F279-4E15-A5AA-A4D507ACC715}.asrpnp.tmp.xml
2014-10-22 00:13 - 2014-10-22 00:13 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\636616024
2014-10-22 00:03 - 2014-10-22 00:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\635995749
2014-10-21 23:57 - 2014-10-21 23:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\635675494

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 11:53 - 2010-11-21 06:48 - 00782848 _____ () C:\Windows\system32\perfh007.dat
2014-11-18 11:53 - 2010-11-21 06:48 - 00176536 _____ () C:\Windows\system32\perfc007.dat
2014-11-18 11:53 - 2009-07-14 06:10 - 01852194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 11:49 - 2012-03-22 10:20 - 03507375 _____ () C:\Windows\system32\besnmp.TRC
2014-11-18 11:47 - 2012-02-09 13:03 - 01946065 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 11:44 - 2013-03-15 14:23 - 00000000 ____D () C:\BEData
2014-11-18 11:43 - 2012-02-09 18:02 - 00000000 ____D () C:\ProgramData\Symantec
2014-11-18 11:43 - 2009-07-14 06:06 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-18 11:36 - 2012-02-10 10:21 - 58963834 _____ () C:\Windows\system32\Dashboard.log
2014-11-18 11:30 - 2012-02-09 13:03 - 00000000 ____D () C:\Users\Administrator
2014-11-18 09:28 - 2009-07-14 05:49 - 00027616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 09:28 - 2009-07-14 05:49 - 00027616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 20:00 - 2012-02-16 07:47 - 00000542 _____ () C:\Windows\Tasks\Neue zeitgesteuerte Überprüfung.job
2014-11-16 19:07 - 2013-06-19 14:35 - 00041194 _____ () C:\Users\Administrator\AppData\Local\Temp\JavaDeployReg.log
2014-11-16 19:07 - 2012-03-22 11:09 - 00027292 _____ () C:\Users\Administrator\AppData\Local\Temp\jusched.log
2014-11-16 19:07 - 2012-03-22 11:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator
2014-11-15 06:25 - 2014-07-28 14:57 - 01006494 _____ () C:\Users\Administrator\AppData\Local\Temp\KOROPEL.DR.TMP
2014-11-15 05:31 - 2013-04-25 15:27 - 01242861 _____ () C:\Users\Administrator\AppData\Local\Temp\KORAUTOPOL.DR.TMP
2014-11-15 03:52 - 2013-04-25 21:38 - 01889819 _____ () C:\Users\Administrator\AppData\Local\Temp\KORSQ001LKO.DR.TMP
2014-11-15 01:00 - 2012-03-22 11:50 - 00000410 _____ () C:\Windows\Tasks\At4.job
2014-11-15 00:49 - 2013-04-25 19:29 - 01947410 _____ () C:\Users\Administrator\AppData\Local\Temp\KORTS001LKO.DR.TMP
2014-11-14 11:18 - 2013-06-26 07:25 - 00000000 ___HD () C:\Backup Exec AOFO Store
2014-11-14 08:13 - 2014-03-26 09:07 - 00000000 ____D () C:\Users\WMI Mapper
2014-11-14 08:13 - 2014-03-26 09:07 - 00000000 ____D () C:\Users\WbemConsumer
2014-11-14 08:12 - 2010-11-21 04:47 - 00161656 _____ () C:\Windows\PFRO.log
2014-11-13 17:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-07 07:16 - 2014-01-20 16:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-07 07:16 - 2012-06-25 14:34 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-07 07:16 - 2012-03-22 11:02 - 00031749 _____ () C:\Users\Administrator\AppData\Local\Temp\java_install_reg.log

Files to move or delete:
====================
C:\Windows\Tasks\At4.job


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 00:52

==================== End Of Log ============================
         
--- --- ---


ADDITION (SERVER109)
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Administrator at 2014-11-18 12:46:27
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Application Compatibility Toolkit (Version: 8.59.25584 - Microsoft) Hidden
Assessment and Deployment Kit (HKLM-x32\...\{fc46d1b2-9557-4c1f-baac-04af4d2db7e4}) (Version: 8.59.25584 - Microsoft Corporation)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.24.50.5-090623a-083726C-HP - )
Broadcom Management Programs (HKLM\...\{28299A10-B31C-43CE-9644-69A16C2AD6BD}) (Version: 16.4.5.5 - Broadcom Corporation)
Headless Server Registry Update (HKLM-x32\...\{4E5563B6-DE0A-4F3B-A5D6-15789FD12D9B}) (Version: 1.0.0.0 - Hewlett-Packard Company)
Hewlett-Packard Remote Support Client (HKLM-x32\...\{0CB7BB63-7690-4BB3-88E1-D4BFB3805C6A}) (Version: 05.70.05 - Hewlett-Packard)
HP Array Configuration Utility (HKLM-x32\...\{7A54069A-184F-4EC9-AF20-52286EC40956}) (Version: 9.30.15.0 - Hewlett-Packard Development Company, L.P.)
HP Array Configuration Utility CLI (HKLM-x32\...\{D160035A-CFF0-49C6-BE19-B9EFDE4AEBF2}) (Version: 9.30.15.0 - Hewlett-Packard Development Company, L.P.)
HP Insight Diagnostics  Online Edition for Windows (HKLM\...\{DCEA910B-3269-4F5B-A915-D59293004751}) (Version: 9.64.1262 - Hewlett-Packard Development Company, L.P.)
HP Insight Management Agents (HKLM\...\{AD2C33EA-C88D-46E1-B7AA-D5EBFB1A000F}) (Version: 9.50.0.0 - Hewlett-Packard Company)
HP Insight Management WBEM Providers for Windows Server x64 Editions (HKLM\...\HP-{0D1A88D4-29D7-4ED4-8045-932D7205F589}) (Version: 9.5.0.0 - Hewlett-Packard Company)
HP Insight Remote Support (HKLM-x32\...\RemoteSupportSoftwareManager) (Version: A.05.70 - Hewlett-Packard Company)
HP Insight Remote Support, v7.1.0.0057 (HKLM-x32\...\{FA5E1338-02E6-4B91-98ED-454475E7891E}) (Version: 7.1.0.0057 - Hewlett-Packard Development Company, L.P.)
HP Library and Tape Tools (HKLM-x32\...\InstallShield_{FF2A1B6D-2CE8-43E2-B095-49C089C8B626}) (Version: 4.14.0.0 - Hewlett-Packard)
HP Lights-Out Online Configuration Utility (HKLM\...\{7CE77EEE-2681-4201-A379-AB359F13F8A7}) (Version: 4.3.0.0 - Hewlett-Packard Development Company, L.P.)
HP Mission Critical Common Component (MC3) (HKLM-x32\...\{B33E9714-E439-43B8-AD50-F7F788BBD571}) (Version: 05.60.08 - Hewlett-Packard)
HP P4000 CLI (HKLM-x32\...\{ABFD71EE-6248-4A21-8025-54DDF9FB2FAD}) (Version: 9.5.0.1050 - HP)
HP ProLiant iLO 3/4 Channel Interface Driver (HKLM\...\HP-{85171634-98E9-47E5-9E56-96BBC7FE1715}) (Version: 3.10.0.0 - Hewlett-Packard Company)
HP ProLiant iLO 3/4 Management Controller Package (HKLM\...\HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.9.0.0 - Hewlett-Packard Company)
HP ProLiant Integrated Management Log Viewer (HKLM\...\{1C8F84CD-86A9-4E55-B768-7B4C0A6DBC78}) (Version: 7.0.0.0 - Hewlett-Packard Company)
HP ProLiant PCI-express Power Management Update for Windows (HKLM-x32\...\{34D6E797-AA32-455D-8E65-4EBD1AC9DED7}) (Version: 1.3.0.0 - Hewlett-Packard Company)
HP Remote Support Configuration Collector (HKLM\...\{5F58F16D-FF83-4389-836C-10A191D850DA}) (Version: 05.70.06.011 - Hewlett-Packard)
HP Smart Array SAS/SATA Event Notification Service (HKLM\...\{92CD62C0-4588-4B86-9635-3953F0B681EA}) (Version: 6.36.0.64 - Hewlett-Packard Development Company, L.P.)
HP Smart Storage Administrator (HKLM\...\{1C85E741-305F-4B0C-911D-ACA8EECC17C0}) (Version: 1.60.17.0 - Hewlett-Packard Development Company, L.P.)
HP Smart Storage Administrator CLI (HKLM\...\{D6C6E983-17FC-4695-860F-85300487F813}) (Version: 1.60.17.0 - Hewlett-Packard Development Company, L.P.)
HP System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 7.3.1 - Hewlett-Packard Development Company, L.P.)
HP Version Control Agent (HKLM-x32\...\{5A5F45AE-0250-4C34-9D89-F10BDDEE665F}) (Version: 7.1.2.0 - Hewlett Packard Development Company, L.P.)
HP WEBES 6.3 (HKLM-x32\...\{1A7B62CB-341E-401F-9379-AC344064291A}) (Version: 6.3 - Hewlett-Packard Company)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.100.15 - Symantec Corporation)
Merge64 (Version: 1.00.0000 - Your Company Name) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (HKLM-x32\...\{72DEBE5A-5667-3966-8E8D-2FD5FBCCB7DD}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Pegasus WMI Mapper v7.3.2 (HKLM-x32\...\{EA745EDA-001D-47B5-BA80-111107A8B244}) (Version: 7.3.2.0 - The Open Group)
PFA Server Registry Update (HKLM-x32\...\{173438F5-BD4D-47AE-9C8F-73E6BAA62624}) (Version: 1.0.0.0 - Hewlett-Packard Company)
psqlODBC (HKLM-x32\...\{838E187D-8B7A-473D-B93C-C8E970B15D2B}) (Version: 08.03.0400 - PostgreSQL Global Development Group)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.11 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.4.81 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
SQL Server 2008 R2 SP2 Common Files (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Symantec Backup Exec (TM) 2014 (HKLM\...\Symantec Backup Exec 14.1) (Version: 14.1.1786 - Symantec Corporation)
Symantec Backup Exec (Version: 14.1.1786 - Symantec Corporation) Hidden
Toolkit Documentation (x32 Version: 8.59.25584 - Microsoft) Hidden
User State Migration Tool (x32 Version: 8.59.25584 - Microsoft) Hidden
VMware vSphere CLI (HKLM-x32\...\{E60422F6-23F5-446A-B26D-70FF3092BF84}) (Version: 5.0.0.2748 - VMware, Inc.)
VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.16964 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3838 - VMware, Inc.)
Volume Activation Management Tool (x32 Version: 8.59.25584 - Microsoft) Hidden
WPT Redistributables (x32 Version: 8.59.25584 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.25584 - Microsoft) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11F0E565-D51D-4214-8F3A-30D061B528DD} - System32\Tasks\Neue zeitgesteuerte Überprüfung => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2014-05-20] (Sophos Limited)
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-21] (Microsoft Corporation)
Task: {7951FD38-B4A2-4435-934E-889085FBB5B6} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => Cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-21] (Microsoft Corporation)
Task: {C7943126-2D11-4057-991D-124594F78A3C} - System32\Tasks\At4 => C:\Program Files (x86)\HP\installers\Lib3\PolicyEnforcer.exe [2011-12-05] () <==== ATTENTION
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\At4.job => C:\Program Files (x86)\HP\installers\Lib3\PolicyEnforcer.exe
Task: C:\Windows\Tasks\Neue zeitgesteuerte Überprüfung.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe

==================== Loaded Modules (whitelisted) =============

2009-11-06 14:33 - 2009-11-06 14:33 - 00027136 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_10.dll
2013-12-12 22:56 - 2013-12-12 22:56 - 00032768 _____ () C:\Program Files\HPWBEM\Storage\Service\CQMGSTOR.dll
2013-12-12 22:56 - 2013-12-12 22:56 - 00029696 _____ () C:\Program Files\HPWBEM\Storage\Service\cqstrutl.dll
2013-12-12 22:56 - 2013-12-12 22:56 - 00057856 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQMSCSI.DLL
2013-12-12 22:56 - 2013-12-12 22:56 - 00041472 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQMDISK.dll
2013-12-12 22:56 - 2013-12-12 22:56 - 00055808 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQSAS.DLL
2014-11-18 11:43 - 2014-11-18 11:43 - 01184283 _____ () C:\Windows\Logs\LogonUI.exe
2014-11-13 17:59 - 2014-11-18 11:43 - 00089600 _____ () C:\Windows\Logs\zlib1.dll
2013-12-17 10:21 - 2013-12-17 10:21 - 00050176 _____ () C:\Windows\system32\CpqNiMgt\CPQNIMIB.DLL
2013-12-17 10:23 - 2013-12-17 10:23 - 00215552 _____ () C:\Windows\system32\cpqnimgt\w2kmgdll.dll
2013-12-17 10:21 - 2013-12-17 10:21 - 00018432 _____ () C:\Windows\system32\cpqnimgt\cqnisnmp.dll
2013-12-17 10:21 - 2013-12-17 10:21 - 00024576 _____ () C:\Windows\system32\CpqNiMgt\NICMIB.DLL
2013-11-05 03:33 - 2013-11-05 03:33 - 00224256 _____ () C:\Windows\system32\CpqMgmt\Cqmgstor\stormib.dll
2013-11-05 03:33 - 2013-11-05 03:33 - 00030720 _____ () C:\Windows\system32\cqstrutl.dll
2013-11-05 03:33 - 2013-11-05 03:33 - 00007168 _____ () C:\Windows\system32\cpqmgmt\cqmgstor\storsnmp.dll
2013-11-05 03:33 - 2013-11-05 03:33 - 00026112 _____ () C:\Windows\system32\CpqMgmt\CqmgStor\iscsimib.dll
2012-03-22 10:52 - 2013-12-06 12:41 - 01619456 _____ () C:\hp\hpsmh\bin\libxml2.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00073728 ____N () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\WbemCons.exe
2012-03-22 10:52 - 2013-12-06 12:41 - 01619456 _____ () C:\HP\hpsmh\modules\libxml2.dll
2012-12-13 14:26 - 2013-12-06 12:41 - 00080384 _____ () C:\HP\hpsmh\modules\zlib1.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00045056 ____N () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\WMIServer.exe
2013-12-17 10:23 - 2013-12-17 10:23 - 00215552 _____ () C:\Windows\system32\CPQNiMgt\w2kmgdll.dll
2013-11-05 03:33 - 2013-11-05 03:33 - 00032768 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CQMGSTOR.dll
2013-11-05 03:33 - 2013-11-05 03:33 - 00044544 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQIDE.DLL
2013-11-05 03:33 - 2013-11-05 03:33 - 00041472 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMDISK.dll
2013-11-05 03:33 - 2013-11-05 03:33 - 00057856 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMSCSI.DLL
2013-11-05 03:33 - 2013-11-05 03:33 - 00106496 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMIDA.DLL
2013-11-05 03:33 - 2013-11-05 03:33 - 00115200 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQFCA.DLL
2013-11-05 03:33 - 2013-11-05 03:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQISCSI.DLL
2013-11-05 03:33 - 2013-11-05 03:33 - 00030720 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\STORALRT.DLL
2013-11-05 03:33 - 2013-11-05 03:33 - 00055808 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQSAS.DLL
2014-11-18 11:44 - 2014-11-18 11:44 - 00008704 _____ () C:\ProgramData\Symantec\CRF\ASP Temporary Files\crf\50492ed2\d7265c90\assembly\dl3\30d03d48\b004bc9a_1c03d001\App_Web_lwi4dtds.DLL
2013-12-12 22:56 - 2013-12-12 22:56 - 00880640 _____ () C:\Program Files\HPWBEM\Storage\dll\infomgr.dll
2009-11-13 15:40 - 2009-11-13 15:40 - 00140856 _____ () C:\Program Files (x86)\HP\CM\expat.dll
2012-09-17 23:01 - 2012-09-17 23:01 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2012-09-17 23:01 - 2012-09-17 23:01 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2012-09-17 23:01 - 2012-09-17 23:01 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2012-09-17 23:01 - 2012-09-17 23:01 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
2012-09-17 23:01 - 2012-09-17 23:01 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
2012-09-17 23:01 - 2012-09-17 23:01 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2012-09-17 23:01 - 2012-09-17 23:01 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2012-09-17 23:01 - 2012-09-17 23:01 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
2012-09-17 23:01 - 2012-09-17 23:01 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2012-09-17 23:01 - 2012-09-17 23:01 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2012-09-17 23:01 - 2012-09-17 23:01 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 01327104 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\pegcommon.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00108544 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\pegconfig.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00048128 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\pegexportclient.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00160256 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\pegclient.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00072704 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\pegslp_client.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00256512 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\WMIProvider.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00261120 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\pegwmiserver.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00203776 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\pegrepository.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00053248 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\pegquerycommon.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00045568 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\pegexportserver.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00056320 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\peguser.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00052224 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\pegauthentication.dll
2014-04-10 16:27 - 2014-04-10 16:27 - 00029184 _____ () C:\Program Files (x86)\The Open Group\WMI Mapper\bin\pegservice.dll
2014-04-18 16:12 - 2014-04-18 16:12 - 00194048 _____ () C:\Program Files (x86)\HP\RS\snmp_trap_listener_win32\bin\curllib.dll
2014-04-18 16:12 - 2014-04-18 16:12 - 00110592 _____ () C:\Program Files (x86)\HP\RS\snmp_trap_listener_win32\bin\OpenLDAP.dll
2014-02-18 12:34 - 2014-02-18 12:34 - 01036800 _____ () C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\libxml2.dll
2014-02-18 12:34 - 2014-02-18 12:34 - 00126464 _____ () C:\Program Files (x86)\HP\RS\postgresql_9_win32\lib\plpgsql.dll
2011-06-10 14:57 - 2011-06-10 14:57 - 01748992 _____ () C:\Program Files (x86)\HP\svctools\common\wccproxy\share\cvclient.dll
2011-06-10 14:57 - 2011-06-10 14:57 - 00073728 _____ () C:\Program Files (x86)\HP\svctools\common\wccproxy\share\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-382396471-1622426277-1176889423-500 - Administrator - Enabled) => C:\Users\Administrator
BUAdmin (S-1-5-21-382396471-1622426277-1176889423-1003 - Administrator - Enabled) => C:\Users\BUAdmin
Gast (S-1-5-21-382396471-1622426277-1176889423-501 - Limited - Disabled)
IRS_USER (S-1-5-21-382396471-1622426277-1176889423-1013 - Administrator - Enabled)
SophosSAUKORBK001LK0 (S-1-5-21-382396471-1622426277-1176889423-1008 - Limited - Enabled)
SQLBackup (S-1-5-21-382396471-1622426277-1176889423-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: tcpipreg
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 11:45:01 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (11/18/2014 11:43:47 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: pg_ctl: ein anderer Server läuft möglicherweise; versuche trotzdem zu starten


System errors:
=============
Error: (11/18/2014 11:45:20 AM) (Source: DCOM) (EventID: 10009) (User: )
Description: 10.246.140.102

Error: (11/18/2014 11:43:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TCP/IP Registry Compatibility" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1058


Microsoft Office Sessions:
=========================
Error: (11/18/2014 11:45:01 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 11:43:47 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: pg_ctl: ein anderer Server läuft möglicherweise; versuche trotzdem zu starten


CodeIntegrity Errors:
===================================
  Date: 2014-11-18 10:20:25.689
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\HP\UnifiedCollector\bin\HookDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-18 10:20:25.570
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\HP\UnifiedCollector\bin\HookDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-18 10:20:25.440
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\HP\UnifiedCollector\bin\HookDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-17 00:30:37.610
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\HP\UnifiedCollector\bin\HookDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-17 00:30:37.427
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\HP\UnifiedCollector\bin\HookDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-17 00:30:37.224
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\HP\UnifiedCollector\bin\HookDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 00:30:37.783
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\HP\UnifiedCollector\bin\HookDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 00:30:37.592
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\HP\UnifiedCollector\bin\HookDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-16 00:30:37.393
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\HP\UnifiedCollector\bin\HookDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-15 00:31:04.692
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\HP\UnifiedCollector\bin\HookDLL.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E5649 @ 2.53GHz
Percentage of memory in use: 30%
Total physical RAM: 12277.8 MB
Available physical RAM: 8568.69 MB
Total Pagefile: 24553.78 MB
Available Pagefile: 20502.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:2047.9 GB) (Free:1303.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2235.5 GB) (Disk ID: 6B1B89A6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2047.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 18.11.2014, 13:14   #4
buchinet
 
Bitcoin Miner c:\windows\logs\logonui.exe - Standard

Bitcoin Miner c:\windows\logs\logonui.exe



FRST (SERVER103) - hier ist die Logonui.exe mit einer leeren datei ersetzt.

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Administrator (administrator) on KORSQ001LKO on 18-11-2014 12:38:04
Running from C:\Users\Administrator\Desktop
Loaded Profiles: MOTIONDATA & smit & MOTIONDATA3 & RSServiceUser & Administrator (Available profiles: MOTIONDATA & ehrentrautw & MOTIONDATA2 & buchgraberp & MOTIONDATA4 & smit & MOTIONDATA3 & motiondata1 & lunzerc & MOTIONDATA5 & RSServiceUser & mdtaskcont & Administrator)
Platform: Windows Server 2008 R2 Enterprise Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD Configurator\Service\MOTIONDATA Configurator Service.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD File Distributor\MD_FileDistributor.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSAS10_50.EBV\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSAS10_50.MELACH\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSAS10_50.MOTIONDATA\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.EBV\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.MELACH\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.MOTIONDATA\MSSQL\Binn\sqlservr.exe
() D:\fsales\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSRS10_50.EBV\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSRS10_50.MELACH\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSRS10_50.MOTIONDATA\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD Citroen Peugeot ServiceBox\MOTIONDATA Citroen Peugeot ServiceBox.exe
(Tanuki Software, Ltd.) D:\fsales\jetty\fmade\frmwrk.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_SMSReminderService\SMSReminderService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.MELACH\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.MOTIONDATA\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.MOTIONDATA\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.EBV\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.MOTIONDATA\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.EBV\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
() C:\Program Files (x86)\MOTIONDATA\MD Task Controller\MD_Task_Controller_Service.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_ATMD\DoAuto.EXE
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(HP) C:\Windows\AppCompat\hpagent.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(OpenOffice.org) D:\fsales\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) D:\fsales\OpenOffice.org 3\program\soffice.bin
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Tanuki Software, Ltd.) D:\fsales\jetty\bin\fsales.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jdk1.6.0_27\bin\java.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_AufGen\AufGenSrv.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jdk1.6.0_27\bin\java.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VMware Tools] => C:\Program Files\VMware\VMware Tools\VMwareTray.exe [60016 2011-06-07] (VMware, Inc.)
HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [65648 2011-06-07] (VMware, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-10-14] (Sophos Limited)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)
Lsa: [Notification Packages] scecli rassfm
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> D:\fsales\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-574537195-154972057-3776881541-500] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-574537195-154972057-3776881541-500] => 10.246.140.120:8080
HKU\S-1-5-21-574537195-154972057-3776881541-1014\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
HKU\S-1-5-21-574537195-154972057-3776881541-1014\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKU\S-1-5-21-574537195-154972057-3776881541-1091\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
HKU\S-1-5-21-574537195-154972057-3776881541-1091\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKU\S-1-5-21-574537195-154972057-3776881541-1092\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
HKU\S-1-5-21-574537195-154972057-3776881541-1092\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKU\S-1-5-21-574537195-154972057-3776881541-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
HKU\S-1-5-21-574537195-154972057-3776881541-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKU\S-1-5-21-574537195-154972057-3776881541-1014 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {5554DCB0-700B-498D-9B58-4E40E5814405} hxxp://localhost/Reports_Korneuburg/Reserved.ReportViewerWebControl.axd?ReportSession=vgh1rd45tgjq4obgdnnu1sjk&Culture=3079&CultureOverrides=False&UICulture=7&UICultureOverrides=False&ReportStack=1&ControlID=e0f178369e4840a4a74dd06468d49dc8&OpType=PrintCab&Arch=X86
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 19 C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9 20 C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll [63088] (VMware, Inc.)
Winsock: Catalog9 21 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win64\vsocklib.dll [66672] (VMware, Inc.)
Winsock: Catalog9-x64 20 C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win64\vsocklib.dll [66672] (VMware, Inc.)
Winsock: Catalog9-x64 21 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [173864] (Sophos Limited)
Tcpip\..\Interfaces\{372CDFBD-EA22-4ED4-875E-A9D7D04CB197}: [NameServer] 10.250.0.90,10.1.5.142

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe [1994096 2012-01-23] (Symantec Corporation)
S3 BackupExecVSSProvider; C:\Program Files\Symantec\Backup Exec\RAWS\VSS Provider\bevssprovider.exe [148336 2012-01-20] (Symantec Corporation)
R2 bedbg; C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe [353648 2012-01-12] (Symantec Corporation)
R2 CqLMgServs; C:\Windows\AppCompat\hpagent.exe [4764160 2014-06-19] (HP) [File not signed]
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 MDAufGen$Korneuburg; C:\Program Files (x86)\MOTIONDATA\MD_AufGen\AufGenSrv.exe [46592 2014-09-16] (MOTIONDATA Software GmbH) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 MOTIONDATA Automatikdienst; C:\Program Files (x86)\MOTIONDATA\MD_ATMD\DoAuto.EXE [1621792 2014-09-05] (MOTIONDATA Software GmbH)
R2 MOTIONDATA Configurator Service; C:\Program Files (x86)\MOTIONDATA\MD Configurator\Service\MOTIONDATA Configurator Service.exe [12800 2014-05-12] (MOTIONDATA Software GmbH) [File not signed]
R2 MOTIONDATA File Distributor; C:\Program Files (x86)\MOTIONDATA\MD File Distributor\MD_FileDistributor.exe [45856 2014-02-20] (MOTIONDATA Software GmbH)
S4 Motiondata Opel Garantieservice; C:\Program Files (x86)\MOTIONDATA Software GmbH\MD_OpelGarantieSetup\OpelGarantie.exe [9728 2014-04-14] (Motiondata Software GmbH) [File not signed]
R2 MOTIONDATA Task Controller; C:\Program Files (x86)\MOTIONDATA\MD Task Controller\MD_Task_Controller_Service.exe [116000 2014-09-30] ()
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [220104 2012-06-29] (Microsoft Corporation)
R2 MSOLAP$EBV; D:\Program Files\Microsoft SQL Server\MSAS10_50.EBV\OLAP\bin\msmdsrv.exe [53245896 2012-06-29] (Microsoft Corporation)
R2 MSOLAP$MELACH; D:\Program Files\Microsoft SQL Server\MSAS10_50.MELACH\OLAP\bin\msmdsrv.exe [54568288 2010-04-03] (Microsoft Corporation)
R2 MSOLAP$MOTIONDATA; D:\Program Files\Microsoft SQL Server\MSAS10_50.MOTIONDATA\OLAP\bin\msmdsrv.exe [53245896 2012-06-29] (Microsoft Corporation)
R2 MSSQL$EBV; D:\Program Files\Microsoft SQL Server\MSSQL10_50.EBV\MSSQL\Binn\sqlservr.exe [62218696 2012-06-29] (Microsoft Corporation)
R2 MSSQL$MELACH; D:\Program Files\Microsoft SQL Server\MSSQL10_50.MELACH\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
R2 MSSQL$MOTIONDATA; D:\Program Files\Microsoft SQL Server\MSSQL10_50.MOTIONDATA\MSSQL\Binn\sqlservr.exe [62218696 2012-06-29] (Microsoft Corporation)
R3 MSSQLFDLauncher$EBV; D:\Program Files\Microsoft SQL Server\MSSQL10_50.EBV\MSSQL\Binn\fdlauncher.exe [41416 2012-06-29] (Microsoft Corporation)
R3 MSSQLFDLauncher$MOTIONDATA; D:\Program Files\Microsoft SQL Server\MSSQL10_50.MOTIONDATA\MSSQL\Binn\fdlauncher.exe [41416 2012-06-29] (Microsoft Corporation)
R2 MySQL; D:\fsales\MySQL\MySQL Server 5.1\my.ini [9343 2012-09-13] () [File not signed]
S3 PDVFSService; C:\Program Files\Symantec\Backup Exec\RAWS\PDVFSService.exe [301720 2012-03-30] ()
R2 ReportServer$EBV; D:\Program Files\Microsoft SQL Server\MSRS10_50.EBV\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2193352 2012-06-29] (Microsoft Corporation)
R2 ReportServer$MELACH; D:\Program Files\Microsoft SQL Server\MSRS10_50.MELACH\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2175328 2010-04-03] (Microsoft Corporation)
R2 ReportServer$MOTIONDATA; D:\Program Files\Microsoft SQL Server\MSRS10_50.MOTIONDATA\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2193352 2012-06-29] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-10-14] (Sophos Limited)
R2 Service1; C:\Program Files (x86)\MOTIONDATA\MD Citroen Peugeot ServiceBox\MOTIONDATA Citroen Peugeot ServiceBox.exe [9216 2013-09-06] (MOTIONDATA Software GmbH) [File not signed]
R2 SMIT Applikationsserver; D:\fsales\jetty\bin\fsales.exe [369432 2012-09-13] (Tanuki Software, Ltd.)
R2 SMIT Framework; D:\fsales\jetty\fmade\frmwrk.exe [332288 2010-10-16] (Tanuki Software, Ltd.) [File not signed]
R2 SMS Reminder Service; C:\Program Files (x86)\MOTIONDATA\MD_SMSReminderService\SMSReminderService.exe [38400 2012-11-05] (MOTIONDATA Software GmbH) [File not signed]
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2012-09-17] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-10-14] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2012-09-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-10-14] (Sophos Limited)
S3 SQLAgent$EBV; D:\Program Files\Microsoft SQL Server\MSSQL10_50.EBV\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-29] (Microsoft Corporation)
R2 SQLAgent$MELACH; D:\Program Files\Microsoft SQL Server\MSSQL10_50.MELACH\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
R2 SQLAgent$MOTIONDATA; D:\Program Files\Microsoft SQL Server\MSSQL10_50.MOTIONDATA\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-29] (Microsoft Corporation)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3262248 2014-10-14] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-10-14] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R1 PDVFSDriver; C:\Windows\System32\drivers\pdfsd.sys [79480 2012-03-30] (Symantec Corporation)
S4 PDVFSNP; No ImagePath
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-29] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
R3 VirtFile; C:\Windows\System32\DRIVERS\VirtFile.sys [114296 2011-10-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 12:38 - 2014-11-18 12:38 - 00021912 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-11-18 12:36 - 2014-11-18 12:38 - 00000000 ____D () C:\FRST
2014-11-18 12:36 - 2014-11-18 12:28 - 02117120 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-11-18 10:37 - 2014-11-18 10:37 - 00181968 _____ () C:\Users\MOTIONDATA\Desktop\RG_KNSADMIN_34.csv
2014-11-18 10:37 - 2014-11-18 10:37 - 00045814 _____ () C:\Users\MOTIONDATA\Desktop\RG_KNSADMIN_34.zip
2014-11-18 09:42 - 2014-11-18 09:42 - 00126976 _____ (Omikron) C:\Users\smit\AppData\Local\Temp\fact-lib-windows-x86.dll1655156379845027827
2014-11-18 04:27 - 2014-11-18 04:27 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile1776114293169716382.tmp
2014-11-18 03:25 - 2014-11-18 03:25 - 00000000 ____D () C:\Users\smit\AppData\Local\Temp\Jetty_0_0_0_0_8181_fsales____7oiv3d
2014-11-17 15:04 - 2014-11-17 15:04 - 02017922 _____ () C:\Users\MOTIONDATA3\Desktop\ARTBEAUS.CSV
2014-11-17 15:04 - 2014-11-17 15:04 - 00136079 _____ () C:\Users\MOTIONDATA3\Desktop\ARTBEAUS.zip
2014-11-17 14:17 - 2014-11-18 12:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\2
2014-11-17 11:35 - 2014-11-17 15:04 - 00000000 ____D () C:\Users\MOTIONDATA3\AppData\Local\Temp\4
2014-11-17 04:23 - 2014-11-17 04:23 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile1346779980429922053.tmp
2014-11-16 04:24 - 2014-11-16 04:24 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile4615604715804510807.tmp
2014-11-15 04:29 - 2014-11-15 04:29 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile8263671982880944391.tmp
2014-11-14 04:27 - 2014-11-14 04:27 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile2051460700570716648.tmp
2014-11-13 04:27 - 2014-11-13 04:27 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile1558298701110713404.tmp
2014-11-12 04:25 - 2014-11-12 04:25 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile4866949122796247135.tmp
2014-11-11 01:08 - 2014-11-11 01:08 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile9026133997747516170.tmp
2014-11-10 04:25 - 2014-11-10 04:25 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile7710787322847135537.tmp
2014-11-09 04:29 - 2014-11-09 04:29 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile954882515346888227.tmp
2014-11-08 07:58 - 2014-11-08 07:58 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile4338803297214835407.tmp
2014-11-08 04:55 - 2014-11-08 04:55 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile5953568956343021508.tmp
2014-11-07 07:16 - 2014-11-07 07:16 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile3623734555044355213.tmp
2014-11-07 07:09 - 2014-11-07 07:09 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile8873731088373004388.tmp
2014-11-07 07:07 - 2014-11-07 07:07 - 08585216 _____ () C:\Users\smit\AppData\Local\Temp\receivedFile5722616358156849021tmp
2014-11-07 07:07 - 2014-11-07 07:07 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile2623601342412013837.tmp
2014-11-07 07:03 - 2014-11-07 07:03 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile972954934067441908.tmp
2014-11-07 06:58 - 2014-11-07 06:58 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile7378572339611609117.tmp
2014-11-07 06:53 - 2014-11-07 06:53 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile8731145796510115927.tmp
2014-11-07 06:47 - 2014-11-07 06:47 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile7412867982613229723.tmp
2014-11-07 06:34 - 2014-11-07 06:34 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile4018033478138177446.tmp
2014-11-07 06:11 - 2014-11-07 06:11 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile2154612571696116486.tmp
2014-11-07 06:05 - 2014-11-07 06:05 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile7643126810265435206.tmp
2014-11-07 06:02 - 2014-11-07 06:02 - 06029312 _____ () C:\Users\smit\AppData\Local\Temp\receivedFile6091861158020818075tmp
2014-11-07 06:02 - 2014-11-07 06:02 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile8072778914244807768.tmp
2014-11-07 05:54 - 2014-11-07 05:54 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile7530500642167819775.tmp
2014-11-07 05:41 - 2014-11-07 05:41 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile2378426000956889148.tmp
2014-11-07 05:29 - 2014-11-07 05:29 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile8223112270867863620.tmp
2014-11-07 05:14 - 2014-11-07 05:14 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile9179570060149101921.tmp
2014-11-07 05:03 - 2014-11-07 05:03 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile8622737783038438702.tmp
2014-11-07 04:54 - 2014-11-07 04:54 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile3330080046345648066.tmp
2014-11-06 06:16 - 2014-11-06 06:16 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile6176047309683185942.tmp
2014-11-06 00:35 - 2014-11-06 00:35 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile188107703685494015.tmp
2014-11-05 22:28 - 2014-11-05 22:28 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile35699396204793000.tmp
2014-11-05 04:17 - 2014-11-05 04:17 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile4629686014612301621.tmp
2014-11-04 20:28 - 2014-11-04 20:28 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile1135174589293448838.tmp
2014-11-04 04:15 - 2014-11-04 04:15 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile1133500442357171778.tmp
2014-11-03 13:11 - 2014-11-03 13:11 - 00001365 _____ () C:\Users\MOTIONDATA3\Desktop\Fehlende Lagerbewegung generieren.sql
2014-11-03 04:27 - 2014-11-03 04:27 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile6549901099693154471.tmp
2014-11-02 04:16 - 2014-11-02 04:16 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile392754019792861811.tmp
2014-11-01 04:28 - 2014-11-01 04:28 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile7804329777476342761.tmp
2014-10-31 04:29 - 2014-10-31 04:29 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile7655426495440188337.tmp
2014-10-30 10:08 - 2014-11-05 15:54 - 00004444 _____ () C:\Users\MOTIONDATA3\Desktop\RGJ Kreisersetzungen.sql
2014-10-30 04:19 - 2014-10-30 04:19 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile8736096313881644817.tmp
2014-10-29 08:47 - 2014-11-18 10:37 - 00497736 _____ () C:\Users\MOTIONDATA\Desktop\RG_KNSADMIN_8.csv
2014-10-29 04:16 - 2014-10-29 04:16 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile1290772990013138556.tmp
2014-10-28 04:18 - 2014-10-28 04:18 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile1327436951415404088.tmp
2014-10-27 04:16 - 2014-10-27 04:16 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile5226139459506321450.tmp
2014-10-26 04:16 - 2014-10-26 04:16 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile2284764107222928119.tmp
2014-10-25 03:15 - 2014-10-25 03:15 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile1224994005882000968.tmp
2014-10-24 08:17 - 2014-11-18 11:28 - 00000000 ____D () C:\Users\MOTIONDATA\AppData\Local\Temp\3
2014-10-24 03:16 - 2014-10-24 03:16 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile9005229218192124102.tmp
2014-10-23 12:23 - 2014-10-23 12:23 - 00000322 _____ () C:\Users\MOTIONDATA3\Desktop\SQLQuery1.sql
2014-10-23 03:16 - 2014-10-23 03:16 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile5670445163024119258.tmp
2014-10-22 03:16 - 2014-10-22 03:16 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile7716311426305163812.tmp
2014-10-21 07:41 - 2014-10-14 08:12 - 00001390 _____ () C:\Users\MOTIONDATA3\Desktop\RWA Textbereinigung.sql
2014-10-21 03:16 - 2014-10-21 03:16 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile6369690796906236493.tmp
2014-10-20 03:16 - 2014-10-20 03:16 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile7196889906271443242.tmp
2014-10-19 03:23 - 2014-10-19 03:23 - 00000000 _____ () C:\Users\smit\AppData\Local\Temp\tmpFile5717705168482764504.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 10:12 - 2012-01-17 14:14 - 01183465 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 09:43 - 2009-07-14 05:49 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 09:43 - 2009-07-14 05:49 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 09:41 - 2012-09-13 09:13 - 00000000 ____D () C:\Users\smit\AppData\Local\Temp\hsperfdata_smit
2014-11-17 21:30 - 2012-09-13 14:44 - 00000630 _____ () C:\Windows\Tasks\Fsales_Backup.job
2014-11-17 20:00 - 2012-02-16 08:03 - 00000542 _____ () C:\Windows\Tasks\Neue zeitgesteuerte Überprüfung.job
2014-11-17 11:40 - 2012-09-13 10:02 - 00000000 ____D () C:\Users\MOTIONDATA3\Documents\SQL Server Management Studio
2014-11-15 03:09 - 2013-04-25 20:57 - 00000000 ___HD () C:\Backup Exec AOFO Store
2014-11-13 17:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-13 16:28 - 2014-04-30 14:00 - 00001479 _____ () C:\Users\Public\Desktop\MOTIONDATA Online Update Manager.lnk
2014-11-13 16:28 - 2012-01-25 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOTIONDATA
2014-11-13 16:24 - 2012-01-19 15:04 - 00000000 ____D () C:\Users\Administrator\Documents\SQL Server Management Studio
2014-11-04 16:58 - 2012-08-08 12:15 - 00000000 ____D () C:\Users\MOTIONDATA4\Documents\SQL Server Management Studio
2014-10-30 10:05 - 2013-04-15 12:43 - 00000000 ____D () C:\Users\MOTIONDATA3\Documents\Visual Studio 2008
2014-10-22 13:13 - 2014-03-05 09:45 - 00006790 _____ () C:\Users\MOTIONDATA3\AppData\Local\Temp\jusched.log
2014-10-22 13:13 - 2014-03-05 09:45 - 00000306 _____ () C:\Users\MOTIONDATA3\AppData\Local\Temp\JavaDeployReg.log
2014-10-22 13:13 - 2014-03-05 09:45 - 00000000 ____D () C:\Users\MOTIONDATA3\AppData\Local\Temp\hsperfdata_MOTIONDATA3
2014-10-21 11:18 - 2014-04-16 16:17 - 00001545 _____ () C:\Users\Public\Desktop\Task Controller Konfiguration.lnk
2014-10-21 10:53 - 2014-04-14 17:16 - 00000000 _____ () C:\Windows\system32\vireng.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 00:28

==================== End Of Log ============================
         
--- --- ---


ADDITION (SERVER103)
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Administrator at 2014-11-18 12:38:54
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.2) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
AFPL Ghostscript 8.14 (HKLM-x32\...\AFPL Ghostscript 8.14) (Version:  - )
AFPL Ghostscript Fonts (HKLM-x32\...\AFPL Ghostscript Fonts) (Version:  - )
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (HKLM-x32\...\{8B871377-E4B0-4C39-BB98-EEBE84471911}) (Version: 10.5.0.0 - Business Objects)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8343C2D8-09DF-38B3-9D1A-A26148918E45}.KB947789) (Version: 1 - Microsoft Corporation)
IBM Informix-Connect (HKLM-x32\...\{4433F7BA-CEFD-11D6-B57A-00B0D07B9190}) (Version: 2.81 - IBM Informix)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java(TM) SE Development Kit 6 Update 27 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160270}) (Version: 1.6.0.270 - Oracle)
LeechFTP  (HKLM-x32\...\LeechFTP) (Version:  - )
MD Citroen Peugeot ServiceBox (HKLM-x32\...\{848886A1-853A-45E4-ADDC-913CEEBF666B}) (Version: 1.0.0 - MOTIONDATA)
MD_OpelGarantieSetup (HKLM-x32\...\{D6781964-3659-4782-9866-154F2E9AE641}) (Version: 1.0.0 - MOTIONDATA Software GmbH)
MD_SMSReminderService (HKLM-x32\...\{333647B9-1110-4B90-8245-CA60962CA667}) (Version: 1.0.0 - MOTIONDATA)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0407-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{992B55F9-FD13-42C5-8B3C-B7E9F998A969}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Onlinedokumentation (HKLM-x32\...\{A8549109-D8D3-41FC-9359-A169B334E049}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Richtlinien (HKLM-x32\...\{78033A38-50E2-4A65-823F-C1B34DF9FE41}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Setup (Deutsch) (HKLM\...\{8E7A48F0-44F6-4ECD-86E1-C345CDD35791}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{8DD113A8-811A-404E-A4D7-443D014946AC}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools DEU (HKLM-x32\...\{3888A22E-1A9E-4DBE-A93B-42385141F37D}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FBBA9369-3A6B-4EE3-9C53-DA0D29C2FC95}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x64) de (HKLM\...\{3C711911-AC30-4AEF-8BF6-3E9BA0BF0F9C}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 (x64) de (HKLM\...\{1F0313F5-008A-4BC0-AA0B-6068A8A2E4AE}) (Version: 2.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - DEU (HKLM-x32\...\{3B9F2A30-6230-37E3-A23F-AA996C6EE1F3}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8343C2D8-09DF-38B3-9D1A-A26148918E45}) (Version: 9.0.35191 - Microsoft Corporation)
MOTIONDATA Auftragsgenerierung (Korneuburg) (HKLM-x32\...\{24751AE5-E726-401A-B6EB-1324629D7634}) (Version: 7.1.49.26 - MOTIONDATA Software GmbH)
MOTIONDATA Automatikdienst (HKLM-x32\...\{F64BFB8A-C6C1-4093-ABC8-F98CE9901851}) (Version: 6.4.0.31 - MOTIONDATA Software GmbH)
MOTIONDATA Client (Korneuburg) (HKLM-x32\...\{B9D3C5FC-2927-4F5F-9457-473E63F9F1A5}) (Version: 6.4.0.23 - MOTIONDATA Software GmbH)
MOTIONDATA Configurator (HKLM-x32\...\{4268B2D6-05F9-4B0D-AFAE-51D7E415DC9B}_is1) (Version: 3.0.12.17 - MOTIONDATA Software GmbH)
MOTIONDATA Database (Korneuburg) (HKLM-x32\...\{3710AFD3-B4E9-4543-9543-F29F87CC901D}) (Version: 6.4.0.23 - MOTIONDATA Software GmbH)
MOTIONDATA File Distributor (HKLM-x32\...\{AD4B229C-47B0-4DEB-A274-E27B84222091}_is1) (Version: 1.0.36.23 - MOTIONDATA Software GmbH)
MOTIONDATA FileStore (Korneuburg) (HKLM-x32\...\{4B5198DD-671D-4082-B820-F4644FB1864C}) (Version: 6.4.0.23 - MOTIONDATA Software GmbH)
MOTIONDATA MIS (Korneuburg) (HKLM-x32\...\{5BB2C7D2-1D80-426B-A492-A40EFD02922A}) (Version: 3.0.2008.6 - MOTIONDATA Software GmbH)
MOTIONDATA Online Update Manager (HKLM-x32\...\{5291704F-8C11-43F2-A20F-3BE420E1BF7E}_is1) (Version: 3.1.53.56 - MOTIONDATA Software GmbH)
MOTIONDATA Script Commander (HKLM-x32\...\{F4FF119D-616D-4227-B1A3-0A37B5F841A1}_is1) (Version: 4.1.25.26 - MOTIONDATA Software GmbH)
MOTIONDATA Task Controller (HKLM-x32\...\{7776928B-28CB-4CD4-BBFD-A32EE22379BC}_is1) (Version: 2.0.209.194 - MOTIONDATA Software GmbH)
MySQL Server 5.1 (HKLM-x32\...\{68EAE22B-5785-44FE-8587-45BDA1772784}) (Version: 5.1.58 - Oracle Corporation)
MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.)
OpenOffice.org 3.2 (HKLM-x32\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)
OpenOffice.org 3.2 SDK (HKLM-x32\...\{27F0C6F4-A172-463E-A71E-40A386F00EB1}) (Version: 3.2.9502 - OpenOffice.org)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM-x32\...\{FBAB5DC0-657B-424F-BE58-07DEFF68917C}) (Version: 13.0.5.891 - SAP)
Service Pack 2 für SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.11 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.4.81 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
SQL Server 2008 R2 Analysis Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Analysis Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 BI Development Studio (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Client Tools (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Full text search (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Integration Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Management Studio (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Reporting Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQLyog Community 9.20 (HKLM-x32\...\SQLyog Community) (Version: 9.20 - Webyog Softworks Pvt. Ltd.)
Symantec Backup Exec Remote Agent for Windows (HKLM\...\Remote Agent for Windows Servers) (Version: 14.0.1798 - Symantec Corporation)
Symantec Backup Exec Remote Agent for Windows (Version: 14.0.1798 - Symantec Corporation) Hidden
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
VMware Tools (HKLM\...\{A5CD39D8-F8A7-494F-9357-878A4AB6537F}) (Version: 8.6.0.6261 - VMware, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FC2C609-E700-4573-A4B9-5F50C727F2BF} - System32\Tasks\Fibu Daten Abstellen => C:\Program Files (x86)\MOTIONDATA\MD_PGM\ExtRun.EXE [2014-11-07] (MOTIONDATA Software GmbH)
Task: {1022529C-6F37-4823-8549-D2633A5EA098} - System32\Tasks\Daisy Datenträger Korneuburg KST 32 => C:\Program Files (x86)\MOTIONDATA\MD_PGM\Plugins\MD_RLH_Daisy\MD_RLH_Daisy.exe [2013-12-05] (MOTIONDATA Software GmbH)
Task: {2601DCE9-9814-47E1-A986-A642CA48A2CE} - System32\Tasks\MD Buchungstabelle f. AXP Vergleich erstellen => C:\Program Files (x86)\MOTIONDATA\MD_PGM\Plugins\MD_AXP_Comparer\MD_AIX_Comparer.exe [2014-06-03] (MOTIONDATA Software GmbH)
Task: {3805C096-71AD-49CF-966A-982741B537DE} - System32\Tasks\Gängigkeitsberechnung für Ersatzteile => C:\Program Files (x86)\MOTIONDATA\MD_PGM\ExtRun.EXE [2014-11-07] (MOTIONDATA Software GmbH)
Task: {4EBE689F-A1A2-4592-A6C4-8083D65FB85F} - System32\Tasks\Daisy Datenträger Korneuburg KST 05 => C:\Program Files (x86)\MOTIONDATA\MD_PGM\Plugins\MD_RLH_Daisy\MD_RLH_Daisy.exe [2013-12-05] (MOTIONDATA Software GmbH)
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-21] (Microsoft Corporation)
Task: {7538B222-52E2-4A84-8A67-BF1DA2B379EB} - System32\Tasks\Neue zeitgesteuerte Überprüfung => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2014-05-20] (Sophos Limited)
Task: {909666CF-BFBA-4926-99CF-B9783D707EEA} - System32\Tasks\MD RGJ 2012 + 2013 alle Filialen erstellen => C:\Program Files (x86)\MOTIONDATA\MD_PGM\Plugins\MD_RLH_Rohgewinnjournal\MD_RLH_Rohgewinnjournal.exe [2014-06-03] (MOTIONDATA Software GmbH)
Task: {A862C89A-DB78-4834-BE30-DB554E1CF875} - System32\Tasks\Fahrzeugbörsen Export MDCarweb u.car4you => C:\Program Files (x86)\MOTIONDATA\MD_PGM\ExtFzgBoerse.EXE [2014-11-07] (MOTIONDATA Software GmbH)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-21] (Microsoft Corporation)
Task: {B7C7A6C8-A01C-4397-9C87-E7B73BB9169B} - System32\Tasks\DBANK Daten Abstellen => C:\Program Files (x86)\MOTIONDATA\MD_PGM\Plugins\MD_RLH_DBank\MD_RLH_DBANK.exe [2014-04-04] (MOTIONDATA Software GmbH)
Task: {C25EC421-688E-45EB-ADF7-B161FC6DB58F} - System32\Tasks\Kellys Waagdaten senden => C:\Users\Public\Documents\Export Kellysdaten.vbs [2014-08-27] ()
Task: {CD99779B-95D1-4A7B-85A5-3C99963ECA51} - System32\Tasks\Lagerabgleich für alle Betriebe => C:\Program Files (x86)\MOTIONDATA\MD_PGM\ExtRun.EXE [2014-11-07] (MOTIONDATA Software GmbH)
Task: {CDDCEE3D-C371-4ACA-8229-2309345BB140} - System32\Tasks\Future Preise schreiben => C:\Program Files (x86)\MOTIONDATA\MD_PGM\ExtRun.EXE [2014-11-07] (MOTIONDATA Software GmbH)
Task: {CEDFEB71-279E-4ECB-A81C-93101A2D7181} - System32\Tasks\OPEL MAFAT Datei Senden => C:\Users\Public\Documents\Mail senden OPEL MAFAT.vbs [2014-07-28] ()
Task: {CF5DA178-08E1-47F7-85B0-C9F828C666EC} - System32\Tasks\MOTIONDATA AUFGEN Service neu Starten => D:\MOTIONDATA_DAT\MD_BACKUP\Aufgen Service Starten.bat [2013-06-13] ()
Task: {D39095DE-6CBC-4E1A-B176-497164851E12} - System32\Tasks\Fsales_Backup => D:\fsales\MySQL\MySQL Tools for 5.0\MySQLAdministrator.exe [2009-02-25] (MySQL AB)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-21] (Microsoft Corporation)
Task: {DB93E282-AF62-4FCE-AF81-9B4E04392880} - System32\Tasks\Kopieren der SQL Backups => D:\MOTIONDATA_DAT\PDF Signatur\Kopieren der SQL Backups.bat [2012-02-21] ()
Task: {E1A935A7-2394-4D86-B244-F02859F83937} - System32\Tasks\Daisy Datenträger Korneuburg KST 15 => C:\Program Files (x86)\MOTIONDATA\MD_PGM\Plugins\MD_RLH_Daisy\MD_RLH_Daisy.exe [2013-12-05] (MOTIONDATA Software GmbH)
Task: {EB8065BE-34D3-427A-BC72-3FF49A7AA5EB} - System32\Tasks\Automatischer Preisimport => C:\Program Files (x86)\MOTIONDATA\MD_PGM\ExtMakeCom.EXE [2014-11-07] (MOTIONDATA Software GmbH)
Task: {F09E27BA-FC81-4D79-A22C-052D4D4F8585} - System32\Tasks\Jetty restart => D:\fsales\jetty\bin\jetty_restart.cmd [2012-09-13] ()
Task: {F37D3406-4F07-46A7-A52B-AE078729617A} - System32\Tasks\Monatslauf für Lagerfahrzeuge => C:\Program Files (x86)\MOTIONDATA\MD_PGM\ExtRun.EXE [2014-11-07] (MOTIONDATA Software GmbH)
Task: {FFCAC751-F7BA-4493-A9B2-D4354CDE9307} - System32\Tasks\Import der offenen Salden => C:\Program Files (x86)\MOTIONDATA\MD_PGM\ExtRun.EXE [2014-11-07] (MOTIONDATA Software GmbH)
Task: C:\Windows\Tasks\Fsales_Backup.job => D:\fsales\MySQL\MySQL Tools for 5.0\MySQLAdministrator.exe
Task: C:\Windows\Tasks\Neue zeitgesteuerte Überprüfung.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe

==================== Loaded Modules (whitelisted) =============

2012-03-30 13:31 - 2012-03-30 13:31 - 00087704 _____ () C:\Windows\System32\PDVFSNP.dll
2012-01-25 13:34 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-07-01 17:46 - 2011-07-01 17:46 - 06107136 _____ () D:\fsales\MySQL\MySQL Server 5.1\bin\mysqld.exe
2014-07-02 07:31 - 2014-07-02 07:31 - 00003584 _____ () D:\Program Files\Microsoft SQL Server\MSRS10_50.MOTIONDATA\Reporting Services\RSTempFiles\reports_korneuburg\1ecf9fa2\89dfd586\App_global.asax.zy9ttvib.dll
2014-07-02 07:31 - 2014-07-02 07:31 - 00004608 _____ () D:\Program Files\Microsoft SQL Server\MSRS10_50.MOTIONDATA\Reporting Services\RSTempFiles\reports_korneuburg\1ecf9fa2\89dfd586\App_Web_kmt9irkk.dll
2014-07-02 07:31 - 2014-07-02 07:31 - 00015872 _____ () D:\Program Files\Microsoft SQL Server\MSRS10_50.MOTIONDATA\Reporting Services\RSTempFiles\reports_korneuburg\1ecf9fa2\89dfd586\App_Web_ry86zvn8.dll
2014-07-02 07:31 - 2014-07-02 07:31 - 00003584 _____ () D:\Program Files\Microsoft SQL Server\MSRS10_50.MOTIONDATA\Reporting Services\RSTempFiles\reportserver_motiondata\40bf10a1\cec57ca\App_global.asax.wk594_xz.dll
2014-04-16 16:17 - 2014-09-30 14:38 - 00116000 _____ () C:\Program Files (x86)\MOTIONDATA\MD Task Controller\MD_Task_Controller_Service.exe
2011-06-07 07:49 - 2011-06-07 07:49 - 00077824 _____ () C:\Program Files\VMware\VMware Tools\sigc-2.0.dll
2011-06-07 07:48 - 2011-06-07 07:48 - 00780400 _____ () C:\Program Files\VMware\VMware Tools\glibmm-2.4.dll
2012-09-17 22:52 - 2012-09-17 22:52 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2012-09-17 22:52 - 2012-09-17 22:52 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2012-09-17 22:52 - 2012-09-17 22:52 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2012-09-17 22:52 - 2012-09-17 22:52 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
2012-09-17 22:52 - 2012-09-17 22:52 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
2012-09-17 22:52 - 2012-09-17 22:52 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2012-09-17 22:52 - 2012-09-17 22:52 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2012-09-17 22:52 - 2012-09-17 22:52 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
2012-09-17 22:52 - 2012-09-17 22:52 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2012-09-17 22:52 - 2012-09-17 22:52 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2012-09-17 22:52 - 2012-09-17 22:52 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2010-05-04 14:36 - 2010-05-04 14:36 - 00970752 _____ () D:\fsales\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-574537195-154972057-3776881541-500 - Administrator - Enabled) => C:\Users\Administrator
antls (S-1-5-21-574537195-154972057-3776881541-1061 - Limited - Enabled)
bartalr (S-1-5-21-574537195-154972057-3776881541-1140 - Limited - Enabled)
beerhj (S-1-5-21-574537195-154972057-3776881541-1059 - Limited - Enabled)
binderm (S-1-5-21-574537195-154972057-3776881541-1156 - Limited - Enabled)
blehap (S-1-5-21-574537195-154972057-3776881541-1080 - Limited - Enabled)
brandstetterh (S-1-5-21-574537195-154972057-3776881541-1076 - Limited - Enabled)
breitse (S-1-5-21-574537195-154972057-3776881541-1104 - Limited - Enabled)
buchgraberp (S-1-5-21-574537195-154972057-3776881541-1070 - Administrator - Enabled) => C:\Users\buchgraberp
buscht (S-1-5-21-574537195-154972057-3776881541-1028 - Limited - Enabled)
derossie (S-1-5-21-574537195-154972057-3776881541-1139 - Limited - Enabled)
ebv (S-1-5-21-574537195-154972057-3776881541-1149 - Administrator - Enabled)
ebwkjd (S-1-5-21-574537195-154972057-3776881541-1098 - Limited - Enabled)
ederma (S-1-5-21-574537195-154972057-3776881541-1106 - Limited - Enabled)
ehrentrautw (S-1-5-21-574537195-154972057-3776881541-1015 - Administrator - Enabled) => C:\Users\ehrentrautw
ellinger (S-1-5-21-574537195-154972057-3776881541-1159 - Limited - Enabled)
fahrbacha (S-1-5-21-574537195-154972057-3776881541-1036 - Limited - Enabled)
fellnerr (S-1-5-21-574537195-154972057-3776881541-1040 - Limited - Enabled)
frankd (S-1-5-21-574537195-154972057-3776881541-1157 - Limited - Enabled)
freymuellerm (S-1-5-21-574537195-154972057-3776881541-1030 - Limited - Enabled)
Gast (S-1-5-21-574537195-154972057-3776881541-501 - Limited - Disabled)
goestld (S-1-5-21-574537195-154972057-3776881541-1023 - Limited - Enabled)
goestlm (S-1-5-21-574537195-154972057-3776881541-1038 - Limited - Enabled)
hammerlb (S-1-5-21-574537195-154972057-3776881541-1107 - Limited - Enabled)
harasg (S-1-5-21-574537195-154972057-3776881541-1108 - Limited - Enabled)
hasukic (S-1-5-21-574537195-154972057-3776881541-1105 - Limited - Enabled)
hofstett (S-1-5-21-574537195-154972057-3776881541-1109 - Limited - Enabled)
holzmanne (S-1-5-21-574537195-154972057-3776881541-1043 - Limited - Enabled)
idingera (S-1-5-21-574537195-154972057-3776881541-1025 - Limited - Enabled)
kandlerh (S-1-5-21-574537195-154972057-3776881541-1047 - Limited - Enabled)
kelm (S-1-5-21-574537195-154972057-3776881541-1110 - Limited - Enabled)
klausl (S-1-5-21-574537195-154972057-3776881541-1026 - Limited - Enabled)
kloiberc (S-1-5-21-574537195-154972057-3776881541-1129 - Limited - Enabled)
koehlej (S-1-5-21-574537195-154972057-3776881541-1111 - Limited - Enabled)
koro (S-1-5-21-574537195-154972057-3776881541-1101 - Limited - Enabled)
kovar (S-1-5-21-574537195-154972057-3776881541-1112 - Limited - Enabled)
kraftj (S-1-5-21-574537195-154972057-3776881541-1020 - Limited - Enabled)
kraftjo (S-1-5-21-574537195-154972057-3776881541-1058 - Limited - Enabled)
kuselb (S-1-5-21-574537195-154972057-3776881541-1099 - Limited - Enabled)
labp (S-1-5-21-574537195-154972057-3776881541-1142 - Limited - Enabled)
lahnerj (S-1-5-21-574537195-154972057-3776881541-1046 - Limited - Enabled)
laptopnx63251 (S-1-5-21-574537195-154972057-3776881541-1096 - Limited - Enabled)
ledererb (S-1-5-21-574537195-154972057-3776881541-1037 - Limited - Enabled)
lehnerh (S-1-5-21-574537195-154972057-3776881541-1017 - Limited - Enabled)
lenovoEB (S-1-5-21-574537195-154972057-3776881541-1097 - Limited - Enabled)
lunzerc (S-1-5-21-574537195-154972057-3776881541-1100 - Limited - Enabled) => C:\Users\lunzerc
lutzj (S-1-5-21-574537195-154972057-3776881541-1039 - Limited - Enabled)
maisserm (S-1-5-21-574537195-154972057-3776881541-1021 - Limited - Enabled)
mantlerl (S-1-5-21-574537195-154972057-3776881541-1032 - Limited - Enabled)
mayerrm (S-1-5-21-574537195-154972057-3776881541-1148 - Limited - Enabled)
mdtaskcont (S-1-5-21-574537195-154972057-3776881541-1155 - Administrator - Enabled) => C:\Users\mdtaskcont
meisslc (S-1-5-21-574537195-154972057-3776881541-1158 - Limited - Enabled)
meissld (S-1-5-21-574537195-154972057-3776881541-1113 - Limited - Enabled)
melach (S-1-5-21-574537195-154972057-3776881541-1122 - Administrator - Enabled)
MOTIONDATA (S-1-5-21-574537195-154972057-3776881541-1014 - Administrator - Enabled) => C:\Users\MOTIONDATA
motiondata1 (S-1-5-21-574537195-154972057-3776881541-1095 - Administrator - Enabled) => C:\Users\motiondata1
MOTIONDATA2 (S-1-5-21-574537195-154972057-3776881541-1062 - Administrator - Enabled) => C:\Users\MOTIONDATA2
MOTIONDATA3 (S-1-5-21-574537195-154972057-3776881541-1092 - Administrator - Enabled) => C:\Users\MOTIONDATA3
MOTIONDATA4 (S-1-5-21-574537195-154972057-3776881541-1086 - Administrator - Enabled) => C:\Users\MOTIONDATA4
MOTIONDATA5 (S-1-5-21-574537195-154972057-3776881541-1102 - Administrator - Enabled) => C:\Users\MOTIONDATA5
musels (S-1-5-21-574537195-154972057-3776881541-1094 - Limited - Enabled)
osmanovica (S-1-5-21-574537195-154972057-3776881541-1050 - Limited - Enabled)
penischa (S-1-5-21-574537195-154972057-3776881541-1049 - Limited - Enabled)
pernoldh (S-1-5-21-574537195-154972057-3776881541-1042 - Limited - Enabled)
pfuntnerv (S-1-5-21-574537195-154972057-3776881541-1018 - Limited - Enabled)
poikc (S-1-5-21-574537195-154972057-3776881541-1035 - Limited - Enabled)
popp (S-1-5-21-574537195-154972057-3776881541-1114 - Limited - Enabled)
preinreicht (S-1-5-21-574537195-154972057-3776881541-1022 - Limited - Enabled)
radlf (S-1-5-21-574537195-154972057-3776881541-1103 - Limited - Enabled)
riedln (S-1-5-21-574537195-154972057-3776881541-1081 - Limited - Enabled)
Risdata (S-1-5-21-574537195-154972057-3776881541-1055 - Limited - Enabled)
RSServiceUser (S-1-5-21-574537195-154972057-3776881541-1127 - Limited - Enabled) => C:\Users\RSServiceUser
sallmaiera (S-1-5-21-574537195-154972057-3776881541-1141 - Limited - Enabled)
schachld (S-1-5-21-574537195-154972057-3776881541-1077 - Limited - Enabled)
schmoellerla (S-1-5-21-574537195-154972057-3776881541-1069 - Limited - Enabled)
schmutzc (S-1-5-21-574537195-154972057-3776881541-1024 - Limited - Enabled)
schmutzs (S-1-5-21-574537195-154972057-3776881541-1034 - Limited - Enabled)
schmutzw (S-1-5-21-574537195-154972057-3776881541-1115 - Limited - Enabled)
schoenweilerd (S-1-5-21-574537195-154972057-3776881541-1044 - Limited - Enabled)
schwarzotta (S-1-5-21-574537195-154972057-3776881541-1048 - Limited - Enabled)
sirowyro (S-1-5-21-574537195-154972057-3776881541-1116 - Limited - Enabled)
smit (S-1-5-21-574537195-154972057-3776881541-1091 - Administrator - Enabled) => C:\Users\smit
sommera (S-1-5-21-574537195-154972057-3776881541-1019 - Limited - Enabled)
SophosSAUKORSQ001LK0 (S-1-5-21-574537195-154972057-3776881541-1063 - Limited - Enabled)
SQLBackup (S-1-5-21-574537195-154972057-3776881541-1068 - Limited - Enabled)
sqlservice (S-1-5-21-574537195-154972057-3776881541-1002 - Administrator - Enabled)
stinglt (S-1-5-21-574537195-154972057-3776881541-1072 - Limited - Enabled)
strell (S-1-5-21-574537195-154972057-3776881541-1134 - Limited - Enabled)
theilm (S-1-5-21-574537195-154972057-3776881541-1073 - Limited - Enabled)
trth1 (S-1-5-21-574537195-154972057-3776881541-1137 - Limited - Enabled)
trth2 (S-1-5-21-574537195-154972057-3776881541-1138 - Limited - Enabled)
trzeit (S-1-5-21-574537195-154972057-3776881541-1143 - Limited - Enabled)
ullreiche (S-1-5-21-574537195-154972057-3776881541-1056 - Limited - Enabled)
umlaufk (S-1-5-21-574537195-154972057-3776881541-1117 - Limited - Enabled)
urzs (S-1-5-21-574537195-154972057-3776881541-1118 - Limited - Enabled)
wagnere (S-1-5-21-574537195-154972057-3776881541-1119 - Limited - Enabled)
ware (S-1-5-21-574537195-154972057-3776881541-1136 - Limited - Enabled)
waschulinf (S-1-5-21-574537195-154972057-3776881541-1135 - Limited - Enabled)
webze1 (S-1-5-21-574537195-154972057-3776881541-1052 - Limited - Enabled)
webze2 (S-1-5-21-574537195-154972057-3776881541-1057 - Limited - Enabled)
weigl (S-1-5-21-574537195-154972057-3776881541-1120 - Limited - Enabled)
wernardp (S-1-5-21-574537195-154972057-3776881541-1041 - Limited - Enabled)
wiedermannj (S-1-5-21-574537195-154972057-3776881541-1027 - Limited - Enabled)
wittmannh (S-1-5-21-574537195-154972057-3776881541-1074 - Limited - Enabled)
wkoze1 (S-1-5-21-574537195-154972057-3776881541-1053 - Limited - Enabled)
wkoze2 (S-1-5-21-574537195-154972057-3776881541-1054 - Limited - Enabled)
wkoze3 (S-1-5-21-574537195-154972057-3776881541-1060 - Limited - Enabled)
wkoze4 (S-1-5-21-574537195-154972057-3776881541-1071 - Limited - Enabled)
wktablet (S-1-5-21-574537195-154972057-3776881541-1087 - Limited - Enabled)
wolfsb (S-1-5-21-574537195-154972057-3776881541-1121 - Limited - Enabled)
wwoetl1 (S-1-5-21-574537195-154972057-3776881541-1075 - Limited - Enabled)
wwoetl2 (S-1-5-21-574537195-154972057-3776881541-1078 - Limited - Enabled)
wwoetl3 (S-1-5-21-574537195-154972057-3776881541-1079 - Limited - Enabled)
wwoze1 (S-1-5-21-574537195-154972057-3776881541-1051 - Limited - Enabled)
zwiebm (S-1-5-21-574537195-154972057-3776881541-1033 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2014 00:08:57 PM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: Package "{ED2540C7-4562-40AD-97E5-A5AF0FA6A27A}" failed.

Error: (11/17/2014 00:08:40 PM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: Package "{C1953244-D9C7-4AA5-ABAF-58388B84C993}" failed.

Error: (11/17/2014 00:08:02 PM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: Package "{DAC0266F-255E-459B-82E0-B2CCBC04BABD}" failed.

Error: (11/17/2014 00:04:44 PM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: Package "{B965DBE2-2CE9-483B-85F0-8BC01FBF066F}" failed.

Error: (11/17/2014 00:01:24 PM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: Package "{C403D4EB-E204-4575-A34E-53C4733E1583}" failed.

Error: (11/17/2014 11:59:51 AM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: Package "{C8CB602A-9B33-49E6-9C44-1F0C16314065}" failed.

Error: (11/17/2014 11:53:54 AM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: Package "{46DCAB6C-8166-4A7D-8B03-68233CB60BB2}" failed.

Error: (11/14/2014 08:13:18 AM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: Package "AXP Datenuebertragung" failed.

Error: (11/13/2014 10:31:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 11:33:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/18/2014 09:39:34 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker PDF-XChange 3.0 erforderliche Treiber PDF-XChange 3.0 ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/18/2014 09:39:33 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker IntermecEHWO erforderliche Treiber Intermec PF8d ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/18/2014 09:39:23 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker An OneNote 2010 senden erforderliche Treiber Send To Microsoft OneNote 2010 Driver ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/18/2014 09:39:22 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker !!vieap002!VIEPRSEC erforderliche Treiber Canon iR-ADV C5030/5035 UFR II ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/17/2014 09:42:05 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker An OneNote 2010 senden erforderliche Treiber Send To Microsoft OneNote 2010 Driver ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/17/2014 09:42:02 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker !!VIEAP002!VIEPRSEC erforderliche Treiber Canon iR-ADV C5030/5035 UFR II ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/14/2014 07:18:38 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker PDF-XChange 3.0 erforderliche Treiber PDF-XChange 3.0 ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/14/2014 07:18:36 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker An OneNote 2010 senden erforderliche Treiber Send To Microsoft OneNote 2010 Driver ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/14/2014 07:18:35 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker !!vieap002!VIEPRSEC erforderliche Treiber Canon iR-ADV C5030/5035 UFR II ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/14/2014 07:18:35 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker IntermecEHWO erforderliche Treiber Intermec PF8d ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.


Microsoft Office Sessions:
=========================
Error: (11/17/2014 00:08:57 PM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: {ED2540C7-4562-40AD-97E5-A5AF0FA6A27A}

Error: (11/17/2014 00:08:40 PM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: {C1953244-D9C7-4AA5-ABAF-58388B84C993}

Error: (11/17/2014 00:08:02 PM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: {DAC0266F-255E-459B-82E0-B2CCBC04BABD}

Error: (11/17/2014 00:04:44 PM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: {B965DBE2-2CE9-483B-85F0-8BC01FBF066F}

Error: (11/17/2014 00:01:24 PM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: {C403D4EB-E204-4575-A34E-53C4733E1583}

Error: (11/17/2014 11:59:51 AM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: {C8CB602A-9B33-49E6-9C44-1F0C16314065}

Error: (11/17/2014 11:53:54 AM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: {46DCAB6C-8166-4A7D-8B03-68233CB60BB2}

Error: (11/14/2014 08:13:18 AM) (Source: SQLISPackage100) (EventID: 12291) (User: KORSQ001LKO)
Description: AXP Datenuebertragung

Error: (11/13/2014 10:31:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2014 11:33:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E5649 @ 2.53GHz
Percentage of memory in use: 97%
Total physical RAM: 16383.55 MB
Available physical RAM: 464.16 MB
Total Pagefile: 32765.29 MB
Available Pagefile: 14111.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.9 GB) (Free:11.9 GB) NTFS
Drive d: (Volume) (Fixed) (Total:199.87 GB) (Free:60.36 GB) NTFS
Drive m: () (Network) (Total:546.75 GB) (Free:260.84 GB) 

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 3A51C5A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 200 GB) (Disk ID: D271C10F)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 18.11.2014, 13:16   #5
buchinet
 
Bitcoin Miner c:\windows\logs\logonui.exe - Standard

Bitcoin Miner c:\windows\logs\logonui.exe



FRST (SERVER102) - hier ist die logonui auch mit einer leeren datei ersetzt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Administrator (administrator) on KORTS001LKO on 18-11-2014 12:36:09
Running from C:\Users\Administrator\Desktop
Loaded Profiles: kloiberc & pfuntnerv & kraftj & preinreicht & schmutzc & idingera & wiedermannj & buscht & freymuellerm & zwiebm & mantlerl & schmutzs & poikc & fahrbacha & ledererb & osmanovica & penischa & schwarzotta & kandlerh & lutzj & fellnerr & schoenweilerd & ullreiche & lahnerj & lehnerh & wkoze1 & wkoze2 & webze1 & wwoze1 & Risdata & kraftjo & wkoze3 & wkoze4 & buchgraberp & stinglt & brandstetterh & holzmanne & blehap & riedln & laptopnx63251 & radlf & breitse & waschulinf & trth2 & derossie & bartalr & sallmaiera & labp & trzeit & trebv & mdtaskcont & binderm & frankd & meisslc & Administrator (Available profiles: ehrentrautw & kloiberc & pfuntnerv & sommera & kraftj & maisserm & preinreicht & goestld & schmutzc & idingera & klausl & wiedermannj & buscht & freymuellerm & zwiebm & mantlerl & schmutzs & poikc & fahrbacha & ledererb & goestlm & osmanovica & penischa & schwarzotta & kandlerh & lutzj & fellnerr & wernardp & pernoldh & schoenweilerd & ullreiche & lahnerj & lehnerh & wkoze1 & wkoze2 & webze1 & wwoze1 & motiondata & Risdata & webze2 & kraftjo & beerhj & wkoze3 & antls & motiondata2 & schmoellerla & wkoze4 & buchgraberp & theilm & stinglt & wittmannh & wwoetl1 & brandstetterh & holzmanne & wwoetl2 & wwoetl3 & blehap & riedln & wktablet & musels & motiondata1 & motiondata3 & motiondata4 & laptopnx63251 & lenovoEB & ebwkjd & lunzerc & koro & MOTIONDATA5 & radlf & breitse & hasukic & strell & waschulinf & trth2 & trth1 & derossie & bartalr & sallmaiera & labp & trzeit & trebv & mayerm & Test & mdtaskcont & binderm & frankd & meisslc & ellinger & Test3 & test4 & Administrator & Classic .NET AppPool)
Platform: Windows Server 2008 R2 Enterprise Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe
(HP) C:\Windows\AppCompat\hpagent.exe
(KSR EDV Ing. Buero GmbH) D:\Eurotax\Licence Server\KSR Licence Server Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Motiondata Software GmbH) C:\Program Files (x86)\MOTIONDATA Software GmbH\MD_OpelGarantieSetup\OpelGarantie.exe
() C:\Program Files (x86)\MOTIONDATA\MD Task Controller\MD_Task_Controller_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
() C:\Program Files (x86)\Mesensky\EBV 4.0\Client\client.startup.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD Configurator\Service\MOTIONDATA Configurator Service.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
() C:\PTW525\pt525.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\Mesensky\EBV 4.0\Server\server.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\Mesensky\EBV 4.0\Client\client.startup.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\Plugins\MD_RLH_Rohgewinnjournal\MD_RLH_Rohgewinnjournal.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(MOTIONDATA Software GmbH) C:\Program Files (x86)\MOTIONDATA\MD_PGM\MData.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VMware Tools] => C:\Program Files\VMware\VMware Tools\VMwareTray.exe [60016 2011-06-07] (VMware, Inc.)
HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [65648 2011-06-07] (VMware, Inc.)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-10-14] (Sophos Limited)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Programme\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKU\S-1-5-21-3877106004-1846325829-2574108814-1123\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe [690888 2012-09-05] (Adobe Systems Incorporated)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)
Lsa: [Notification Packages] scecli rassfm
Startup: C:\Users\wkoze1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AufGenExec.lnk
ShortcutTarget: AufGenExec.lnk -> C:\Program Files (x86)\MOTIONDATA\GH-Import\AufGenExec.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1003] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1003] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1004] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1004] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1006] => proxy.intranet.ri-solution.com:8080
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1008] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1010] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1010] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1011] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1011] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1013] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1013] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1014] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1014] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1017] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1017] => proxy.intranet.ri-solution.com:8080
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1018] => proxy.intranet.ri-solution.com:8080
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1019] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1020] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1020] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1021] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1021] => proxy.intranet.ri-solution.com:8080
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1022] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1024] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1024] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1025] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1025] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1026] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1026] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1027] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1027] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1028] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1028] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1029] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1029] => proxy.intranet.ri-solution.com:8080
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1033] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1034] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1034] => proxy.intranet.ri-solution.com:8080
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1035] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1036] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1036] => proxy.intranet.ri-solution.com:8080
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1037] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1038] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1038] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1039] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1039] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1040] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1040] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1044] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1044] => proxy.intranet.ri-solution.com:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1046] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1046] => proxy.intranet.ri-solution.com:8080
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1058] => 10.246.140.120:8080
ProxyEnable: [S-1-5-21-3877106004-1846325829-2574108814-1108] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-1108] => proxy.intranet.ri-solution.com:8080
ProxyServer: [S-1-5-21-3877106004-1846325829-2574108814-500] => proxy.intranet.ri-solution.com:8080
HKU\S-1-5-21-3877106004-1846325829-2574108814-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKU\S-1-5-21-3877106004-1846325829-2574108814-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKU\S-1-5-21-3877106004-1846325829-2574108814-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x43C4A5EB5CB0CE01
HKU\S-1-5-21-3877106004-1846325829-2574108814-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKU\S-1-5-21-3877106004-1846325829-2574108814-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKU\S-1-5-21-3877106004-1846325829-2574108814-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://servicebox.peugeot.com/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1010\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3877106004-1846325829-2574108814-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKU\S-1-5-21-3877106004-1846325829-2574108814-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2065ED52A032CD01
HKU\S-1-5-21-3877106004-1846325829-2574108814-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKU\S-1-5-21-3877106004-1846325829-2574108814-1013\Software\Microsoft\Internet Explorer\Main,Start Page = https://servicebox.peugeot.com/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1014\Software\Microsoft\Internet Explorer\Main,Start Page = https://servicebox.peugeot.com/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1017\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3877106004-1846325829-2574108814-1018\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKU\S-1-5-21-3877106004-1846325829-2574108814-1019\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKU\S-1-5-21-3877106004-1846325829-2574108814-1020\Software\Microsoft\Internet Explorer\Main,Start Page = https://servicebox.peugeot.com/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1021\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3877106004-1846325829-2574108814-1022\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKU\S-1-5-21-3877106004-1846325829-2574108814-1022\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC59413BF3DCACE01
HKU\S-1-5-21-3877106004-1846325829-2574108814-1022\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKU\S-1-5-21-3877106004-1846325829-2574108814-1024\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3877106004-1846325829-2574108814-1024\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B33749C4FCCF01
HKU\S-1-5-21-3877106004-1846325829-2574108814-1024\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKU\S-1-5-21-3877106004-1846325829-2574108814-1026\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKU\S-1-5-21-3877106004-1846325829-2574108814-1026\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEADAF7315803CD01
HKU\S-1-5-21-3877106004-1846325829-2574108814-1026\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKU\S-1-5-21-3877106004-1846325829-2574108814-1026\Software\Microsoft\Internet Explorer\Main,Start Page = https://connect.peugeot.com/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1027\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKU\S-1-5-21-3877106004-1846325829-2574108814-1027\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKU\S-1-5-21-3877106004-1846325829-2574108814-1027\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD4E4E164FD1CCF01
HKU\S-1-5-21-3877106004-1846325829-2574108814-1027\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKU\S-1-5-21-3877106004-1846325829-2574108814-1036\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3877106004-1846325829-2574108814-1039\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKU\S-1-5-21-3877106004-1846325829-2574108814-1039\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3D000C35ECB0CD01
HKU\S-1-5-21-3877106004-1846325829-2574108814-1039\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKU\S-1-5-21-3877106004-1846325829-2574108814-1044\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3877106004-1846325829-2574108814-1044\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKU\S-1-5-21-3877106004-1846325829-2574108814-1044\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x175EAC96B986CE01
HKU\S-1-5-21-3877106004-1846325829-2574108814-1044\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKU\S-1-5-21-3877106004-1846325829-2574108814-1046\Software\Microsoft\Internet Explorer\Main,Start Page = https://servicebox.peugeot.com/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1058\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKU\S-1-5-21-3877106004-1846325829-2574108814-1058\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
HKU\S-1-5-21-3877106004-1846325829-2574108814-1063\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1063\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKU\S-1-5-21-3877106004-1846325829-2574108814-1063\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKU\S-1-5-21-3877106004-1846325829-2574108814-1063\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x092496912A26CF01
HKU\S-1-5-21-3877106004-1846325829-2574108814-1068\Software\Microsoft\Internet Explorer\Main,Start Page = https://servicebox.peugeot.com/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1069\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1098\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1101\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1102\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1102\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1102\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08CFFE719A75CF01
HKU\S-1-5-21-3877106004-1846325829-2574108814-1102\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKU\S-1-5-21-3877106004-1846325829-2574108814-1103\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1106\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.at.msn.com/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4C443AF763A6CF01
HKU\S-1-5-21-3877106004-1846325829-2574108814-1108\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
HKU\S-1-5-21-3877106004-1846325829-2574108814-1115\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1121\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1122\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3877106004-1846325829-2574108814-1123\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-3877106004-1846325829-2574108814-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3877106004-1846325829-2574108814-1019 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3877106004-1846325829-2574108814-1024 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3877106004-1846325829-2574108814-1028 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3877106004-1846325829-2574108814-1034 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3877106004-1846325829-2574108814-1035 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3877106004-1846325829-2574108814-1038 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3877106004-1846325829-2574108814-1040 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3877106004-1846325829-2574108814-1065 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CGMFragment Class -> {0695F52A-89A2-4246-81B5-AFAD2D3B865F} -> C:\Program Files (x86)\Ematek\MetaWeb\MetaBHO.dll ()
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {41795ECB-411A-4F38-A1ED-0F34E8892BF7} https://central.gmbpi.com/P3WebClient/P3Loader.cab
DPF: HKLM-x32 {5554DCB0-700B-498D-9B58-4E40E5814405} hxxp://korsq001lko/Reports_Korneuburg/Reserved.ReportViewerWebControl.axd?ReportSession=nb0g3xbjjwb5k0frbk4yjkiq&Culture=3079&CultureOverrides=False&UICulture=7&UICultureOverrides=False&ReportStack=1&ControlID=e004a3312fcf4d9a9f499eda253b715a&OpType=PrintCab&Arch=X86
DPF: HKLM-x32 {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} https://central.gmbpi.com/MetisWebClient/WebClientLoader.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: 23.209.155.144  tis2web.service.gm.com
Tcpip\..\Interfaces\{F4D37EF6-B129-4586-83FA-B668CF7CB49C}: [NameServer] 10.250.0.90,10.1.5.142

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3877106004-1846325829-2574108814-1022: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ledererb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe [1994096 2012-01-23] (Symantec Corporation)
S3 BackupExecVSSProvider; C:\Program Files\Symantec\Backup Exec\RAWS\VSS Provider\bevssprovider.exe [148336 2012-01-20] (Symantec Corporation)
R2 bedbg; C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe [353648 2012-01-12] (Symantec Corporation)
S4 BrUnvPrnPortPCL; C:\Windows\system32\\BRUNVPRNPC64.EXE [60928 2012-10-31] () [File not signed]
R2 CqLMgServs; C:\Windows\AppCompat\hpagent.exe [4764160 2014-06-19] (HP) [File not signed]
R2 EBVServer; C:\Program Files (x86)\Mesensky\EBV 4.0\Server\server.exe [28672 2014-06-26] () [File not signed]
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 KSR_Licence-Server; D:\Eurotax\Licence Server\KSR Licence Server Service.exe [442368 2010-06-16] (KSR EDV Ing. Buero GmbH) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 MOTIONDATA Configurator Service; C:\Program Files (x86)\MOTIONDATA\MD Configurator\Service\MOTIONDATA Configurator Service.exe [12800 2014-05-12] (MOTIONDATA Software GmbH) [File not signed]
R2 Motiondata Opel Garantieservice; C:\Program Files (x86)\MOTIONDATA Software GmbH\MD_OpelGarantieSetup\OpelGarantie.exe [9728 2014-04-14] (Motiondata Software GmbH) [File not signed]
R2 MOTIONDATA Task Controller; C:\Program Files (x86)\MOTIONDATA\MD Task Controller\MD_Task_Controller_Service.exe [116000 2014-07-03] ()
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [210784 2011-04-23] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
S3 PDVFSService; C:\Program Files\Symantec\Backup Exec\RAWS\PDVFSService.exe [301720 2012-03-30] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-10-14] (Sophos Limited)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2012-09-17] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-10-14] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2012-09-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-10-14] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3262248 2014-10-14] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-10-14] (Sophos Limited)
R2 TermServLicensing; C:\Windows\System32\lserver.dll [694784 2010-11-21] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R1 PDVFSDriver; C:\Windows\System32\drivers\pdfsd.sys [79480 2012-03-30] (Symantec Corporation)
S4 PDVFSNP; No ImagePath
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
R3 VirtFile; C:\Windows\System32\DRIVERS\VirtFile.sys [114296 2011-10-25] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 12:36 - 2014-11-18 12:36 - 00072503 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-11-18 12:36 - 2014-11-18 12:36 - 00000000 ____D () C:\FRST
2014-11-18 12:35 - 2014-11-18 12:28 - 02117120 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2014-11-18 10:13 - 2014-11-18 10:59 - 00000000 ____D () C:\Users\fahrbacha\AppData\Local\Temp\55
2014-11-18 09:29 - 2014-11-18 09:33 - 00060661 _____ () C:\Users\frankd\Desktop\Depot_20141118_092352.xlsx
2014-11-18 09:14 - 2014-11-18 09:14 - 00000000 ____D () C:\Users\penischa\AppData\Local\Temp\54
2014-11-18 09:07 - 2014-11-18 09:18 - 00000000 ____D () C:\Users\stinglt\AppData\Local\Temp\53
2014-11-18 08:57 - 2014-11-18 12:01 - 00000000 ____D () C:\Users\freymuellerm\AppData\Local\Temp\52
2014-11-18 08:41 - 2014-11-18 08:41 - 00018084 _____ () C:\Users\Administrator\AppData\Local\Temp\dd_wcf_CA_smci_20141118_074136_458.txt
2014-11-18 08:41 - 2014-11-18 08:41 - 00010408 _____ () C:\Users\Administrator\AppData\Local\Temp\RGI197D.tmp
2014-11-18 08:41 - 2014-11-18 08:41 - 00008938 _____ () C:\Users\Administrator\AppData\Local\Temp\RGI197D.tmp-tmp
2014-11-18 08:41 - 2014-11-18 08:41 - 00007732 _____ () C:\Users\Administrator\AppData\Local\Temp\ASPNETSetup_00010.log
2014-11-18 08:41 - 2014-11-18 08:41 - 00006120 _____ () C:\Users\Administrator\AppData\Local\Temp\ASPNETSetup_00011.log
2014-11-18 08:41 - 2014-11-18 08:41 - 00002734 _____ () C:\Users\Administrator\AppData\Local\Temp\dd_wcf_CA_smci_20141118_074138_658.txt
2014-11-18 08:29 - 2014-11-18 10:03 - 00000000 ____D () C:\Users\preinreicht\AppData\Local\Temp\51
2014-11-18 08:28 - 2014-11-18 08:28 - 00010408 _____ () C:\Users\Administrator\AppData\Local\Temp\RGI55B1.tmp
2014-11-18 08:28 - 2014-11-18 08:28 - 00008938 _____ () C:\Users\Administrator\AppData\Local\Temp\RGI55B1.tmp-tmp
2014-11-18 08:28 - 2014-11-18 08:28 - 00007732 _____ () C:\Users\Administrator\AppData\Local\Temp\ASPNETSetup_00008.log
2014-11-18 08:28 - 2014-11-18 08:28 - 00006120 _____ () C:\Users\Administrator\AppData\Local\Temp\ASPNETSetup_00009.log
2014-11-18 08:25 - 2014-11-18 08:25 - 00018084 _____ () C:\Users\Administrator\AppData\Local\Temp\dd_wcf_CA_smci_20141118_072500_867.txt
2014-11-18 08:25 - 2014-11-18 08:25 - 00010408 _____ () C:\Users\Administrator\AppData\Local\Temp\RGIEDDB.tmp
2014-11-18 08:25 - 2014-11-18 08:25 - 00008938 _____ () C:\Users\Administrator\AppData\Local\Temp\RGIEDDB.tmp-tmp
2014-11-18 08:25 - 2014-11-18 08:25 - 00007732 _____ () C:\Users\Administrator\AppData\Local\Temp\ASPNETSetup_00006.log
2014-11-18 08:25 - 2014-11-18 08:25 - 00006120 _____ () C:\Users\Administrator\AppData\Local\Temp\ASPNETSetup_00007.log
2014-11-18 08:25 - 2014-11-18 08:25 - 00002734 _____ () C:\Users\Administrator\AppData\Local\Temp\dd_wcf_CA_smci_20141118_072503_113.txt
2014-11-18 08:21 - 2014-11-18 08:40 - 00000000 ____D () C:\Users\schwarzotta\AppData\Local\Temp\50
2014-11-18 08:14 - 2014-11-18 12:34 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\32
2014-11-18 08:10 - 2014-11-18 12:35 - 00000000 ____D () C:\Users\bartalr\AppData\Local\Temp\41
2014-11-18 08:02 - 2014-11-18 08:02 - 00000000 ____D () C:\Users\breitse\AppData\Roaming\VMware
2014-11-18 08:01 - 2014-11-18 12:35 - 00000000 ____D () C:\Users\meisslc\AppData\Local\Temp\49
2014-11-18 08:01 - 2014-11-18 08:01 - 00000000 ____D () C:\Users\breitse\AppData\Local\Temp\48
2014-11-18 07:59 - 2014-11-18 07:59 - 00000000 ____D () C:\Users\kandlerh\AppData\Local\Temp\47
2014-11-18 07:58 - 2014-11-18 07:58 - 00000000 ____D () C:\Users\osmanovica\AppData\Local\Temp\46
2014-11-18 07:54 - 2014-11-18 08:27 - 00000000 ____D () C:\Users\ullreiche\AppData\Local\Temp\45
2014-11-18 07:42 - 2014-11-18 11:00 - 00000000 ____D () C:\Users\lehnerh\AppData\Local\Temp\44
2014-11-18 07:29 - 2014-11-18 12:13 - 00000000 ____D () C:\Users\trebv\AppData\Local\Temp\39
2014-11-18 07:25 - 2014-11-18 07:26 - 00000000 ____D () C:\Users\trth2\AppData\Local\Temp\40
2014-11-18 07:06 - 2014-11-18 07:06 - 00000000 ____D () C:\Users\kloiberc\AppData\Local\Temp\LCFEM
2014-11-18 07:05 - 2014-11-18 07:05 - 00000000 ____D () C:\Users\kloiberc\AppData\Local\Temp\37
2014-11-18 07:03 - 2014-11-18 08:14 - 00000000 ____D () C:\Users\kraftj\AppData\Local\Temp\34
2014-11-18 07:03 - 2014-11-18 07:03 - 00000000 ____D () C:\Users\wkoze4\AppData\Local\Temp\36
2014-11-18 07:03 - 2014-11-18 07:03 - 00000000 ____D () C:\Users\wkoze3\AppData\Local\Temp\35
2014-11-18 07:02 - 2014-11-18 09:04 - 00000000 ____D () C:\Users\buchgraberp\AppData\Local\Temp\33
2014-11-18 07:01 - 2014-11-18 11:41 - 00000000 ____D () C:\Users\schmutzc\AppData\Local\Temp\31
2014-11-18 07:00 - 2014-11-18 12:36 - 00000000 ____D () C:\Users\pfuntnerv\AppData\Local\Temp\27
2014-11-18 07:00 - 2014-11-18 12:35 - 00000000 ____D () C:\Users\schoenweilerd\AppData\Local\Temp\28
2014-11-18 07:00 - 2014-11-18 10:53 - 00000000 ____D () C:\Users\idingera\AppData\Local\Temp\30
2014-11-18 07:00 - 2014-11-18 10:25 - 00000000 ____D () C:\Users\buscht\AppData\Local\Temp\29
2014-11-18 07:00 - 2014-11-18 07:00 - 00000000 ____D () C:\Users\laptopnx63251\AppData\Roaming\VMware
2014-11-18 06:59 - 2014-11-18 12:23 - 00000000 ____D () C:\Users\trzeit\AppData\Local\Temp\25
2014-11-18 06:59 - 2014-11-18 10:24 - 00000000 ____D () C:\Users\laptopnx63251\AppData\Local\Temp\26
2014-11-18 06:58 - 2014-11-18 11:49 - 00000000 ____D () C:\Users\waschulinf\AppData\Local\Temp\24
2014-11-18 06:58 - 2014-11-18 10:48 - 00000000 ____D () C:\Users\schmutzs\AppData\Local\Temp\23
2014-11-18 06:57 - 2014-11-18 06:57 - 00000000 ____D () C:\Users\kraftjo\AppData\Local\Temp\22
2014-11-18 06:56 - 2014-11-18 11:59 - 00000000 ____D () C:\Users\poikc\AppData\Local\Temp\21
2014-11-18 06:56 - 2014-11-18 11:08 - 00000000 ____D () C:\Users\wiedermannj\AppData\Local\Temp\20
2014-11-18 06:55 - 2014-11-18 11:49 - 00000000 ____D () C:\Users\derossie\AppData\Local\Temp\16
2014-11-18 06:55 - 2014-11-18 11:04 - 00000000 ____D () C:\Users\riedln\AppData\Local\Temp\19
2014-11-18 06:55 - 2014-11-18 10:36 - 00000000 ____D () C:\Users\fellnerr\AppData\Local\Temp\18
2014-11-18 06:55 - 2014-11-18 07:08 - 00000000 ____D () C:\Users\lutzj\AppData\Local\Temp\17
2014-11-18 06:54 - 2014-11-18 06:54 - 00000000 ____D () C:\Users\wwoze1\AppData\Local\Temp\15
2014-11-18 06:53 - 2014-11-18 12:04 - 00000000 ____D () C:\Users\Risdata\AppData\Local\Temp\13
2014-11-18 06:53 - 2014-11-18 11:11 - 00000000 ____D () C:\Users\ledererb\AppData\Local\Temp\14
2014-11-18 06:52 - 2014-11-18 12:35 - 00000000 ____D () C:\Users\blehap\AppData\Local\Temp\12
2014-11-18 06:51 - 2014-11-18 11:59 - 00000000 ____D () C:\Users\zwiebm\AppData\Local\Temp\11
2014-11-18 06:51 - 2014-11-18 06:51 - 00000000 ____D () C:\Users\wkoze2\AppData\Local\Temp\9
2014-11-18 06:51 - 2014-11-18 06:51 - 00000000 ____D () C:\Users\wkoze1\AppData\Local\Temp\10
2014-11-18 06:50 - 2014-11-18 11:03 - 00000000 ____D () C:\Users\radlf\AppData\Local\Temp\8
2014-11-18 06:48 - 2014-11-18 12:36 - 00000000 ____D () C:\Users\mantlerl\AppData\Local\Temp\6
2014-11-18 06:48 - 2014-11-18 11:44 - 00000000 ____D () C:\Users\brandstetterh.KORTS001LKO\AppData\Local\Temp\7
2014-11-18 06:48 - 2014-11-18 06:48 - 00000000 ____D () C:\Users\webze1\AppData\Local\Temp\4
2014-11-18 06:47 - 2014-11-18 12:34 - 00000000 ____D () C:\Users\frankd\AppData\Local\Temp\5
2014-11-18 06:46 - 2014-11-18 11:56 - 00000000 ____D () C:\Users\lahnerj\AppData\Local\Temp\2
2014-11-18 06:45 - 2014-11-18 11:29 - 00000000 ____D () C:\Users\holzmanne.KORTS001LKO\AppData\Local\Temp\3
2014-11-18 05:36 - 2014-11-18 12:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\1
2014-11-17 19:52 - 2014-11-17 19:52 - 00020128 _____ () C:\Users\strell\AppData\Local\Temp\tmpB0FA.tmp
2014-11-17 19:52 - 2014-11-17 19:52 - 00000000 _____ () C:\Users\strell\AppData\Local\Temp\tmpB0F9.xml
2014-11-17 19:52 - 2014-11-17 19:52 - 00000000 _____ () C:\Users\strell\AppData\Local\Temp\tmpB0F9.tmp
2014-11-17 19:50 - 2014-11-17 19:50 - 00000000 _____ () C:\Users\strell\AppData\Local\Temp\tmp6F65.tmp
2014-11-17 19:33 - 2014-11-17 19:54 - 306091379 _____ () C:\Users\strell\Documents\Bootlog-2.pml
2014-11-17 19:33 - 2014-11-17 19:54 - 250265360 _____ () C:\Users\strell\Documents\Bootlog-3.pml
2014-11-17 19:33 - 2014-11-17 19:54 - 167050718 _____ () C:\Users\strell\Documents\Bootlog-4.pml
2014-11-17 19:32 - 2014-11-17 19:54 - 298103170 _____ () C:\Users\strell\Documents\Bootlog.pml
2014-11-17 19:32 - 2014-11-17 19:54 - 286812777 _____ () C:\Users\strell\Documents\Bootlog-1.pml
2014-11-17 18:12 - 2014-11-17 18:12 - 00000000 ____D () C:\Users\Administrator\Downloads\Autoruns
2014-11-17 18:11 - 2014-11-17 18:11 - 00511633 _____ () C:\Users\Administrator\Downloads\Autoruns.zip
2014-11-17 11:56 - 2014-11-18 07:26 - 00005154 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-kloiberc KORTS001LKO
2014-11-17 11:53 - 2014-11-17 11:53 - 00000000 ____D () C:\Users\kloiberc\Documents\Benutzerdefinierte Office-Vorlagen
2014-11-17 10:26 - 2014-11-17 10:26 - 00002400 _____ () C:\Users\motiondata\Desktop\MD_RLH_Rohgewinnjournal - Verknüpfung.lnk
2014-11-17 09:32 - 2014-11-17 09:33 - 00000000 ____D () C:\Users\motiondata\Documents\Visual Studio 2008
2014-11-17 09:27 - 2014-11-17 09:27 - 00001409 _____ () C:\Users\motiondata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-17 09:27 - 2014-11-17 09:27 - 00000502 __RSH () C:\Users\motiondata\ntuser.pol
2014-11-17 09:27 - 2014-11-17 09:27 - 00000000 ____D () C:\Users\motiondata\AppData\Roaming\ICAClient
2014-11-17 08:01 - 2014-11-17 13:01 - 00000000 ____D () C:\Users\meisslc\AppData\Local\Temp\53
2014-11-17 07:28 - 2014-11-18 12:36 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\42
2014-11-17 07:25 - 2014-11-17 17:22 - 00000000 ____D () C:\Users\bartalr\AppData\Local\Temp\40
2014-11-14 08:05 - 2014-11-14 13:00 - 00000000 ____D () C:\Users\meisslc\AppData\Local\Temp\45
2014-11-14 08:05 - 2014-11-14 08:06 - 00000000 ____D () C:\Users\motiondata3\Documents\Visual Studio 2008
2014-11-14 07:35 - 2014-11-17 17:20 - 00000000 ____D () C:\Users\trebv\AppData\Local\Temp\41
2014-11-14 07:32 - 2014-11-14 07:30 - 70087104 _____ (Microsoft Corporation) C:\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
2014-11-14 07:30 - 2014-11-14 15:07 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\40
2014-11-14 07:26 - 2014-11-14 07:26 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VMware
2014-11-14 06:53 - 2014-11-17 16:15 - 00000000 ____D () C:\Users\trzeit\AppData\Local\Temp\15
2014-11-13 17:00 - 2014-11-13 17:00 - 00000000 ____D () C:\Users\buchgraberp\AppData\Local\Temp\LCFEM
2014-11-13 16:58 - 2014-11-13 16:58 - 00000000 ____D () C:\Users\Risdata\AppData\Local\Temp\LCFEM
2014-11-13 16:13 - 2014-11-13 16:14 - 00006168 _____ () C:\Users\Administrator\Desktop\Neues Textdokument.txt
2014-11-13 16:12 - 2014-11-13 16:12 - 00000502 __RSH () C:\Users\motiondata3\ntuser.pol
2014-11-13 13:57 - 2014-11-13 13:57 - 00060300 _____ () C:\Users\labp\Desktop\Kopie von 1415800106179.xlsx
2014-11-13 12:01 - 2014-11-17 21:12 - 00000000 _____ () C:\Windows\SysWOW64\WscomMutex.Mutex
2014-11-13 12:00 - 2014-11-13 12:00 - 00000000 ____D () C:\Windows\SysWOW64\lsptem
2014-11-13 07:25 - 2014-11-13 14:04 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\144
2014-11-13 07:17 - 2014-11-13 16:14 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\139
2014-11-13 06:57 - 2014-11-13 16:04 - 00000000 ____D () C:\Users\bartalr\AppData\Local\Temp\90
2014-11-12 14:41 - 2014-11-12 14:41 - 00044319 _____ () C:\Users\schwarzotta\Documents\FAHRZEUG02.xlsx
2014-11-12 14:07 - 2014-11-12 16:07 - 00070096 _____ () C:\Users\schwarzotta\Documents\FAHRZEUG0 RICHTIGE LISTE.xlsx
2014-11-12 14:07 - 2014-11-12 14:07 - 00000000 ____D () C:\Users\schwarzotta\Documents\Benutzerdefinierte Office-Vorlagen
2014-11-12 13:07 - 2014-11-18 07:23 - 00005166 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-buchgraberp KORTS001LKO
2014-11-12 11:50 - 2014-11-12 16:18 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\131
2014-11-12 07:29 - 2014-11-12 13:56 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\136
2014-11-12 06:57 - 2014-11-12 16:01 - 00000000 ____D () C:\Users\bartalr\AppData\Local\Temp\67
2014-11-11 16:51 - 2014-11-18 07:14 - 00005150 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-Risdata KORTS001LKO
2014-11-11 08:53 - 2014-11-11 13:48 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\143
2014-11-11 07:47 - 2014-11-11 13:02 - 00000000 ____D () C:\Users\meisslc\AppData\Local\Temp\138
2014-11-11 07:11 - 2014-11-11 07:11 - 00000000 ____D () C:\Users\Test3\AppData\Local\Temp\LCFEM
2014-11-11 07:08 - 2014-11-11 18:11 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\129
2014-11-11 06:54 - 2014-11-11 16:12 - 00000000 ____D () C:\Users\bartalr\AppData\Local\Temp\29
2014-11-10 10:45 - 2014-11-10 10:45 - 00022528 _____ () C:\Users\bartalr\Documents\AW Vorgangs-Nr.23133516 Besichtigung.msg
2014-11-10 07:45 - 2014-11-10 13:55 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\134
2014-11-10 07:16 - 2014-11-10 16:11 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\128
2014-11-08 13:28 - 2014-11-08 13:28 - 00000000 ____D () C:\Users\Test3\AppData\Roaming\Adobe
2014-11-08 13:22 - 2014-11-12 10:43 - 00005144 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-Test3 KORTS001LKO
2014-11-08 10:43 - 2014-11-18 07:16 - 00005154 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-derossie KORTS001LKO
2014-11-08 10:40 - 2014-11-08 10:37 - 00001443 _____ () C:\Users\test4\Desktop\Internet Explorer.lnk
2014-11-08 10:40 - 2014-09-17 22:42 - 00003015 _____ () C:\Users\test4\Desktop\Word 2013.lnk
2014-11-08 10:40 - 2014-09-17 22:39 - 00003037 _____ () C:\Users\test4\Desktop\Excel 2013.lnk
2014-11-08 10:39 - 2014-11-08 10:39 - 00000576 _____ () C:\Users\test4\Desktop\koserver (kowaage) (I) - Verknüpfung.lnk
2014-11-08 10:39 - 2014-11-08 10:39 - 00000558 _____ () C:\Users\test4\Desktop\dtg (kornux) (G) - Verknüpfung.lnk
2014-11-08 10:37 - 2014-11-08 10:37 - 00001443 _____ () C:\Users\test4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-08 10:37 - 2014-11-08 10:37 - 00001409 _____ () C:\Users\test4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-08 10:37 - 2014-11-08 10:37 - 00000502 __RSH () C:\Users\test4\ntuser.pol
2014-11-08 10:37 - 2014-11-08 10:37 - 00000020 ___SH () C:\Users\test4\ntuser.ini
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 _SHDL () C:\Users\test4\Vorlagen
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 _SHDL () C:\Users\test4\Startmenü
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 _SHDL () C:\Users\test4\Netzwerkumgebung
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 _SHDL () C:\Users\test4\Lokale Einstellungen
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 _SHDL () C:\Users\test4\Eigene Dateien
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 _SHDL () C:\Users\test4\Druckumgebung
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 _SHDL () C:\Users\test4\Documents\Eigene Musik
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 _SHDL () C:\Users\test4\Documents\Eigene Bilder
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 _SHDL () C:\Users\test4\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 _SHDL () C:\Users\test4\Anwendungsdaten
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 ____D () C:\Users\test4\WINDOWS
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 ____D () C:\Users\test4\AppData\Roaming\ICAClient
2014-11-08 10:37 - 2014-11-08 10:37 - 00000000 ____D () C:\Users\test4
2014-11-08 10:37 - 2009-07-14 05:58 - 00000000 ___RD () C:\Users\test4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-08 10:37 - 2009-07-14 05:53 - 00000000 ___RD () C:\Users\test4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-08 10:35 - 2014-11-08 10:32 - 00001443 _____ () C:\Users\Test3\Desktop\Internet Explorer.lnk
2014-11-08 10:33 - 2014-11-08 10:33 - 00000576 _____ () C:\Users\Test3\Desktop\koserver (kowaage) (I) - Verknüpfung.lnk
2014-11-08 10:33 - 2014-11-08 10:33 - 00000558 _____ () C:\Users\Test3\Desktop\dtg (kornux) (G) - Verknüpfung.lnk
2014-11-08 10:33 - 2014-09-17 22:42 - 00003015 _____ () C:\Users\Test3\Desktop\Word 2013.lnk
2014-11-08 10:33 - 2014-09-17 22:39 - 00003037 _____ () C:\Users\Test3\Desktop\Excel 2013.lnk
2014-11-08 10:32 - 2014-11-12 10:25 - 00000000 ____D () C:\Users\Test3\WINDOWS
2014-11-08 10:32 - 2014-11-12 10:22 - 00000000 ____D () C:\Users\Test3
2014-11-08 10:32 - 2014-11-08 10:32 - 00001443 _____ () C:\Users\Test3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-08 10:32 - 2014-11-08 10:32 - 00001409 _____ () C:\Users\Test3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-08 10:32 - 2014-11-08 10:32 - 00000502 __RSH () C:\Users\Test3\ntuser.pol
2014-11-08 10:32 - 2014-11-08 10:32 - 00000020 ___SH () C:\Users\Test3\ntuser.ini
2014-11-08 10:32 - 2014-11-08 10:32 - 00000000 _SHDL () C:\Users\Test3\Vorlagen
2014-11-08 10:32 - 2014-11-08 10:32 - 00000000 _SHDL () C:\Users\Test3\Startmenü
2014-11-08 10:32 - 2014-11-08 10:32 - 00000000 _SHDL () C:\Users\Test3\Netzwerkumgebung
2014-11-08 10:32 - 2014-11-08 10:32 - 00000000 _SHDL () C:\Users\Test3\Lokale Einstellungen
2014-11-08 10:32 - 2014-11-08 10:32 - 00000000 _SHDL () C:\Users\Test3\Eigene Dateien
2014-11-08 10:32 - 2014-11-08 10:32 - 00000000 _SHDL () C:\Users\Test3\Druckumgebung
2014-11-08 10:32 - 2014-11-08 10:32 - 00000000 _SHDL () C:\Users\Test3\Documents\Eigene Musik
2014-11-08 10:32 - 2014-11-08 10:32 - 00000000 _SHDL () C:\Users\Test3\Documents\Eigene Bilder
2014-11-08 10:32 - 2014-11-08 10:32 - 00000000 _SHDL () C:\Users\Test3\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-08 10:32 - 2014-11-08 10:32 - 00000000 _SHDL () C:\Users\Test3\Anwendungsdaten
2014-11-08 10:32 - 2014-11-08 10:32 - 00000000 ____D () C:\Users\Test3\AppData\Roaming\ICAClient
2014-11-08 10:32 - 2009-07-14 05:58 - 00000000 ___RD () C:\Users\Test3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-08 10:32 - 2009-07-14 05:53 - 00000000 ___RD () C:\Users\Test3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-08 09:11 - 2014-11-08 09:11 - 00000502 __RSH () C:\Users\osmanovica\ntuser.pol
2014-11-08 09:11 - 2014-11-08 09:11 - 00000000 ____D () C:\Users\osmanovica\AppData\Roaming\ICAClient
2014-11-08 08:09 - 2014-11-08 14:20 - 00000000 ____D () C:\Users\frankd\AppData\Local\Temp\4
2014-11-07 07:53 - 2014-11-07 12:58 - 00000000 ____D () C:\Users\meisslc\AppData\Local\Temp\132
2014-11-07 07:07 - 2014-11-07 13:04 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\127
2014-11-06 14:36 - 2014-11-06 16:26 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\121
2014-11-06 14:12 - 2014-11-06 14:12 - 00000502 __RSH () C:\Users\laptopnx63251\ntuser.pol
2014-11-06 09:31 - 2014-11-06 09:31 - 00000000 ____D () C:\Users\buchgraberp\AppData\Local\Temp\Adobe
2014-11-06 07:25 - 2014-11-06 16:31 - 00000000 ____D () C:\Users\bartalr\AppData\Local\Temp\123
2014-11-05 10:54 - 2014-11-05 10:54 - 00000000 ____D () C:\Users\schmoellerla\AppData\Roaming\Macromedia
2014-11-05 08:03 - 2014-11-05 13:03 - 00000000 ____D () C:\Users\meisslc\AppData\Local\Temp\130
2014-11-05 07:28 - 2014-11-05 13:57 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\125
2014-11-05 07:12 - 2014-11-05 07:12 - 00000000 __HDC () C:\ProgramData\{E53F59DB-1816-4C22-A857-32973F50D2C4}
2014-11-04 10:49 - 2014-11-04 10:49 - 00000502 __RSH () C:\Users\motiondata4\ntuser.pol
2014-11-04 10:24 - 2014-11-18 09:40 - 00005150 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-meisslc KORTS001LKO
2014-11-04 07:47 - 2014-11-04 13:04 - 00000000 ____D () C:\Users\meisslc\AppData\Local\Temp\122
2014-11-04 07:28 - 2014-11-04 13:55 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\119
2014-11-04 07:24 - 2014-11-04 16:31 - 00000000 ____D () C:\Users\bartalr\AppData\Local\Temp\117
2014-11-04 07:15 - 2014-11-04 16:17 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\111
2014-11-04 06:41 - 2014-11-04 17:45 - 00000000 ____D () C:\Users\derossie\AppData\Local\Temp\5
2014-11-03 07:29 - 2014-11-03 13:47 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\116
2014-11-03 07:10 - 2014-11-03 16:20 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\101
2014-11-03 06:58 - 2014-11-03 06:58 - 00000502 __RSH () C:\Users\schoenweilerd\ntuser.pol
2014-10-31 06:55 - 2014-10-31 12:51 - 00000000 ____D () C:\Users\bartalr\AppData\Local\Temp\13
2014-10-31 06:42 - 2014-10-31 06:42 - 00000502 __RSH () C:\Users\ledererb\ntuser.pol
2014-10-30 14:58 - 2014-10-30 14:58 - 00000502 __RSH () C:\Users\kloiberc\ntuser.pol
2014-10-30 13:45 - 2014-10-30 13:45 - 00000000 ____D () C:\Users\strell\AppData\Roaming\ASE
2014-10-30 11:24 - 2014-10-30 11:24 - 00000000 ____D () C:\Users\pfuntnerv\AppData\Roaming\Macromedia
2014-10-30 08:39 - 2014-10-30 08:39 - 00000502 __RSH () C:\Users\schwarzotta\ntuser.pol
2014-10-30 07:58 - 2014-10-30 07:58 - 00000502 __RSH () C:\Users\freymuellerm\ntuser.pol
2014-10-30 07:56 - 2014-10-30 07:56 - 00000502 __RSH () C:\Users\ullreiche\ntuser.pol
2014-10-30 07:26 - 2014-10-30 14:59 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\113
2014-10-30 07:26 - 2014-10-30 07:26 - 00000502 __RSH () C:\Users\labp\ntuser.pol
2014-10-30 07:09 - 2014-10-30 17:14 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\102
2014-10-30 06:54 - 2014-10-30 06:54 - 00000502 __RSH () C:\Users\riedln\ntuser.pol
2014-10-29 09:51 - 2014-10-29 09:51 - 00000502 __RSH () C:\Users\breitse\ntuser.pol
2014-10-29 09:47 - 2014-10-29 09:47 - 00000502 __RSH () C:\Users\preinreicht\ntuser.pol
2014-10-29 09:47 - 2014-10-29 09:47 - 00000502 __RSH () C:\Users\idingera\ntuser.pol
2014-10-29 09:44 - 2014-10-29 09:44 - 00000502 __RSH () C:\Users\wkoze3\ntuser.pol
2014-10-29 09:36 - 2014-10-29 09:36 - 00000502 __RSH () C:\Users\binderm\ntuser.pol
2014-10-29 09:33 - 2014-10-29 09:33 - 00000502 __RSH () C:\Users\wwoze1\ntuser.pol
2014-10-29 09:32 - 2014-10-29 09:32 - 00000502 __RSH () C:\Users\buchgraberp\ntuser.pol
2014-10-29 09:31 - 2014-10-29 09:31 - 00000502 __RSH () C:\Users\kraftj\ntuser.pol
2014-10-29 09:28 - 2014-10-29 09:28 - 00000502 __RSH () C:\Users\ebwkjd\ntuser.pol
2014-10-29 09:27 - 2014-10-29 09:27 - 00000502 __RSH () C:\Users\lehnerh\ntuser.pol
2014-10-29 09:18 - 2014-10-29 09:18 - 00000502 __RSH () C:\Users\frankd\ntuser.pol
2014-10-29 09:16 - 2014-10-29 09:16 - 00000502 __RSH () C:\Users\strell\ntuser.pol
2014-10-29 09:15 - 2014-10-29 09:15 - 00000502 __RSH () C:\Users\meisslc\ntuser.pol
2014-10-29 09:11 - 2014-10-29 09:11 - 00000502 __RSH () C:\Users\wkoze1\ntuser.pol
2014-10-29 09:09 - 2014-10-29 09:09 - 00000502 __RSH () C:\Users\schmoellerla\ntuser.pol
2014-10-29 09:08 - 2014-10-29 09:08 - 00000502 __RSH () C:\Users\trth2\ntuser.pol
2014-10-29 09:03 - 2014-10-29 09:03 - 00000502 __RSH () C:\Users\webze1\ntuser.pol
2014-10-29 09:02 - 2014-10-29 09:02 - 00000502 __RSH () C:\Users\zwiebm\ntuser.pol
2014-10-29 09:02 - 2014-10-29 09:02 - 00000502 __RSH () C:\Users\sallmaiera\ntuser.pol
2014-10-29 09:01 - 2014-10-29 09:01 - 00000502 __RSH () C:\Users\wkoze4\ntuser.pol
2014-10-29 08:57 - 2014-10-29 08:57 - 00000502 __RSH () C:\Users\fahrbacha\ntuser.pol
2014-10-29 08:56 - 2014-10-29 08:56 - 00000502 __RSH () C:\Users\mantlerl\ntuser.pol
2014-10-29 08:55 - 2014-10-29 08:55 - 00000502 __RSH () C:\Users\schmutzc\ntuser.pol
2014-10-29 08:52 - 2014-10-29 08:52 - 00000502 __RSH () C:\Users\wittmannh\ntuser.pol
2014-10-29 08:52 - 2014-10-29 08:52 - 00000502 __RSH () C:\Users\fellnerr\ntuser.pol
2014-10-29 08:50 - 2014-10-29 08:50 - 00000502 __RSH () C:\Users\derossie\ntuser.pol
2014-10-29 08:48 - 2014-10-29 08:48 - 00000502 __RSH () C:\Users\pfuntnerv\ntuser.pol
2014-10-29 08:45 - 2014-10-29 08:45 - 00000502 __RSH () C:\Users\radlf\ntuser.pol
2014-10-29 08:44 - 2014-10-29 08:44 - 00000502 __RSH () C:\Users\schmutzs\ntuser.pol
2014-10-29 08:43 - 2014-10-29 08:43 - 00000502 __RSH () C:\Users\wiedermannj\ntuser.pol
2014-10-29 08:43 - 2014-10-29 08:43 - 00000502 __RSH () C:\Users\mayerm\ntuser.pol
2014-10-29 08:42 - 2014-10-29 08:42 - 00000502 __RSH () C:\Users\kraftjo\ntuser.pol
2014-10-29 08:37 - 2014-10-29 08:37 - 00000502 __RSH () C:\Users\holzmanne.KORTS001LKO\ntuser.pol
2014-10-29 08:36 - 2014-10-29 08:36 - 00000502 __RSH () C:\Users\bartalr\ntuser.pol
2014-10-29 08:35 - 2014-10-29 08:35 - 00000502 __RSH () C:\Users\blehap\ntuser.pol
2014-10-29 08:34 - 2014-10-29 08:34 - 00000502 __RSH () C:\Users\poikc\ntuser.pol
2014-10-29 08:33 - 2014-10-29 08:33 - 00000502 __RSH () C:\Users\Risdata\ntuser.pol
2014-10-29 08:33 - 2014-10-29 08:33 - 00000502 __RSH () C:\Users\lutzj\ntuser.pol
2014-10-29 08:30 - 2014-10-29 08:30 - 00000502 __RSH () C:\Users\stinglt\ntuser.pol
2014-10-29 08:29 - 2014-10-29 08:29 - 00000502 __RSH () C:\Users\buscht\ntuser.pol
2014-10-29 08:26 - 2014-10-29 08:26 - 00000502 __RSH () C:\Users\klausl\ntuser.pol
2014-10-29 08:21 - 2014-10-29 08:21 - 00000502 __RSH () C:\Users\wwoetl1\ntuser.pol
2014-10-29 08:20 - 2014-10-29 08:20 - 00000502 __RSH () C:\Users\penischa\ntuser.pol
2014-10-29 08:19 - 2014-10-29 08:19 - 00000502 __RSH () C:\Users\wkoze2\ntuser.pol
2014-10-29 08:18 - 2014-10-29 08:18 - 00000502 __RSH () C:\Users\trebv\ntuser.pol
2014-10-29 08:16 - 2014-10-29 08:16 - 00000502 __RSH () C:\Users\lahnerj\ntuser.pol
2014-10-29 08:15 - 2014-10-29 08:15 - 00000502 __RSH () C:\Users\kandlerh\ntuser.pol
2014-10-29 08:12 - 2014-10-29 08:12 - 00000502 __RSH () C:\Users\waschulinf\ntuser.pol
2014-10-29 08:08 - 2014-10-29 08:08 - 00000502 __RSH () C:\Users\trzeit\ntuser.pol
2014-10-29 08:03 - 2014-11-18 05:36 - 00000502 __RSH () C:\Users\Administrator\ntuser.pol
2014-10-29 08:03 - 2014-10-29 08:03 - 00000502 __RSH () C:\Users\brandstetterh.KORTS001LKO\ntuser.pol
2014-10-29 07:12 - 2014-10-29 16:33 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\87
2014-10-29 06:58 - 2014-10-29 16:01 - 00000000 ____D () C:\Users\bartalr\AppData\Local\Temp\35
2014-10-29 06:53 - 2014-10-29 18:14 - 00000000 ____D () C:\Users\derossie\AppData\Local\Temp\17
2014-10-28 17:26 - 2014-10-28 17:26 - 00057114 _____ () C:\Users\frankd\Desktop\Depot_20141028_171005.xlsx
2014-10-28 13:56 - 2014-10-28 13:56 - 00000000 ____D () C:\Users\ebwkjd\AppData\Roaming\ICAClient
2014-10-28 11:30 - 2014-11-06 15:31 - 00000000 ____D () C:\Users\fahrbacha\AppData\Local\Temp\120
2014-10-28 11:30 - 2014-10-28 11:30 - 00000000 ____D () C:\Users\fahrbacha\AppData\Roaming\ICAClient
2014-10-28 07:56 - 2014-10-29 13:40 - 00000000 ____D () C:\Users\meisslc\AppData\Local\Temp\109
2014-10-28 07:29 - 2014-10-28 13:54 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\104
2014-10-27 11:02 - 2014-10-27 11:02 - 00000000 ____D () C:\Users\wwoetl2\AppData\Roaming\ICAClient
2014-10-27 10:10 - 2014-11-13 16:42 - 00000000 ____D () C:\Users\trebv\AppData\Local\Temp\115
2014-10-27 08:03 - 2014-10-27 13:05 - 00000000 ____D () C:\Users\meisslc\AppData\Local\Temp\110
2014-10-27 07:30 - 2014-10-27 13:55 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\105
2014-10-27 06:56 - 2014-10-27 16:00 - 00000000 ____D () C:\Users\blehap\AppData\Local\Temp\33
2014-10-24 12:15 - 2014-10-24 12:15 - 00084886 _____ () C:\Users\labp\Desktop\Reifendepotliste per 24.10.14.xlsx
2014-10-24 10:19 - 2014-10-24 10:19 - 00001409 _____ () C:\Users\laptopnx63251\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-24 10:19 - 2014-10-24 10:19 - 00000000 ____D () C:\Users\laptopnx63251\AppData\Roaming\ICAClient
2014-10-24 08:51 - 2014-10-24 08:51 - 00008550 _____ () C:\Users\labp\Documents\Provisionen.xlsx
2014-10-24 06:07 - 2014-10-24 12:04 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\93
2014-10-24 05:50 - 2014-10-24 12:16 - 00000000 ____D () C:\Users\frankd\AppData\Local\Temp\6
2014-10-23 12:30 - 2014-10-23 12:59 - 00013943 _____ () C:\Users\labp\Desktop\Kopie von Urlaubsliste Tresdorf.xlsx
2014-10-23 11:27 - 2014-10-23 11:27 - 00004421 _____ () C:\Users\Risdata\Documents\1 MdAxp + AxpMd_KO.stmt
2014-10-23 06:29 - 2014-10-23 13:26 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\91
2014-10-23 05:56 - 2014-10-23 15:15 - 00000000 ____D () C:\Users\ellinger\AppData\Local\Temp\16
2014-10-22 09:37 - 2014-10-22 11:15 - 00015219 _____ () C:\Users\labp\Desktop\Kopie von RG_PFUNTNER_43 21 10 Verlust.xlsx
2014-10-22 06:28 - 2014-10-22 12:16 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\82
2014-10-22 06:24 - 2014-10-22 15:33 - 00000000 ____D () C:\Users\bartalr\AppData\Local\Temp\76
2014-10-22 06:08 - 2014-10-23 16:04 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\39
2014-10-21 13:34 - 2014-11-13 16:41 - 00000000 ____D () C:\Users\binderm\AppData\Local\Temp\86
2014-10-21 12:03 - 2014-11-13 16:43 - 00000000 ____D () C:\Users\idingera\AppData\Local\Temp\34
2014-10-21 06:57 - 2014-10-21 11:11 - 00000000 ____D () C:\Users\meisslc\AppData\Local\Temp\97
2014-10-21 06:32 - 2014-10-21 12:51 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\96
2014-10-21 06:13 - 2014-10-21 06:13 - 00000000 ____D () C:\Users\wernardp\AppData\Roaming\ICAClient
2014-10-20 11:42 - 2014-10-23 11:33 - 00013539 _____ () C:\Users\labp\Desktop\Reifen Fragen Andreas.xlsx
2014-10-20 11:07 - 2014-10-21 11:32 - 00013021 _____ () C:\Users\frankd\Desktop\Kundendaten ergänzen.xlsx
2014-10-20 07:16 - 2014-10-24 12:02 - 00000000 ____D () C:\Users\trebv\AppData\Local\Temp\95
2014-10-20 06:58 - 2014-10-20 12:00 - 00000000 ____D () C:\Users\meisslc\AppData\Local\Temp\92
2014-10-20 06:33 - 2014-10-20 12:51 - 00000000 ____D () C:\Users\labp\AppData\Local\Temp\85
2014-10-20 06:18 - 2014-10-20 16:02 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\81

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 12:35 - 2014-05-22 06:47 - 00000000 ____D () C:\Users\labp\Documents\Outlook-Dateien
2014-11-18 12:26 - 2014-08-20 15:26 - 00005138 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-labp KORTS001LKO
2014-11-18 11:12 - 2012-01-17 14:05 - 01059460 _____ () C:\Windows\WindowsUpdate.log
2014-11-18 09:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-18 08:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-11-18 08:41 - 2012-02-10 08:14 - 01727682 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-18 08:41 - 2010-11-21 06:48 - 00755466 _____ () C:\Windows\system32\perfh007.dat
2014-11-18 08:41 - 2010-11-21 06:48 - 00167168 _____ () C:\Windows\system32\perfc007.dat
2014-11-18 08:41 - 2009-07-14 06:10 - 01727682 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-18 08:35 - 2014-07-25 06:51 - 00005162 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-sallmaiera KORTS001LKO
2014-11-18 08:31 - 2014-10-14 14:32 - 00005150 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-bartalr KORTS001LKO
2014-11-18 08:18 - 2014-09-01 08:57 - 00000000 ____D () C:\Users\meisslc\Desktop\Diverses, Passwörter
2014-11-18 08:01 - 2013-03-12 11:01 - 00000000 ____D () C:\Users\breitse
2014-11-18 07:59 - 2012-01-27 10:01 - 00000000 ____D () C:\Users\kandlerh
2014-11-18 07:58 - 2014-09-30 07:04 - 00000000 ____D () C:\Users\binderm\AppData\Local\Temp\43
2014-11-18 07:39 - 2014-07-07 13:56 - 00000000 ____D () C:\Users\binderm
2014-11-18 07:33 - 2009-07-14 05:49 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-18 07:33 - 2009-07-14 05:49 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-18 07:25 - 2014-05-09 10:04 - 00000000 ____D () C:\Users\trth2
2014-11-18 07:09 - 2014-09-01 06:52 - 00005164 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-waschulinf KORTS001LKO
2014-11-18 07:08 - 2014-09-01 14:12 - 00005146 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-frankd KORTS001LKO
2014-11-18 07:05 - 2012-01-26 16:00 - 00000000 ____D () C:\Users\kloiberc
2014-11-18 07:04 - 2012-01-26 15:42 - 00000000 ____D () C:\Users\pfuntnerv
2014-11-18 07:03 - 2012-03-06 14:00 - 00000000 ____D () C:\Users\wkoze4
2014-11-18 07:01 - 2013-02-11 06:58 - 00000000 ____D () C:\Users\schoenweilerd\AppData\Roaming\VMware
2014-11-18 07:01 - 2012-03-14 07:00 - 00000000 ____D () C:\Users\idingera\AppData\Roaming\VMware
2014-11-18 06:59 - 2014-05-16 10:34 - 00000000 ____D () C:\Users\trzeit
2014-11-18 06:59 - 2012-11-06 07:21 - 00000000 ____D () C:\Users\laptopnx63251
2014-11-18 06:57 - 2012-01-27 13:52 - 00000000 ____D () C:\Users\kraftjo
2014-11-18 06:52 - 2012-06-05 08:41 - 00000000 ____D () C:\Users\blehap
2014-11-18 06:51 - 2013-09-05 05:54 - 00000000 ____D () C:\Users\wkoze1\AppData\Roaming\VMware
2014-11-18 06:49 - 2012-05-29 06:21 - 00000000 ____D () C:\Users\brandstetterh.KORTS001LKO\AppData\Roaming\VMware
2014-11-18 06:48 - 2014-08-01 08:40 - 00000000 ____D () C:\Users\frankd
2014-11-18 06:48 - 2012-04-04 06:54 - 00000000 ____D () C:\Users\brandstetterh.KORTS001LKO
2014-11-18 06:48 - 2012-01-27 13:25 - 00000000 ____D () C:\Users\webze1
2014-11-18 05:36 - 2012-01-17 14:04 - 00000000 ____D () C:\Users\Administrator
2014-11-18 05:34 - 2012-01-17 17:28 - 00000000 ____D () C:\Windows\system32\lserver
2014-11-18 05:34 - 2009-07-14 06:06 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-18 05:34 - 2009-07-14 05:56 - 00021036 _____ () C:\Windows\setupact.log
2014-11-17 20:00 - 2012-02-15 16:07 - 00000542 _____ () C:\Windows\Tasks\Neue zeitgesteuerte Überprüfung.job
2014-11-17 18:48 - 2014-03-06 23:53 - 02510528 _____ (Sysinternals - www.sysinternals.com) C:\Users\Administrator\Desktop\Procmon.exe
2014-11-17 18:12 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\Administrator\Desktop\autoruns.exe
2014-11-17 11:40 - 2014-10-08 09:03 - 00000000 ____D () C:\Users\bartalr\Desktop\Versicherung-Rechnungen
2014-11-17 09:27 - 2012-01-30 10:48 - 00001443 _____ () C:\Users\motiondata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 09:27 - 2012-01-30 10:48 - 00000000 ____D () C:\Users\motiondata
2014-11-17 07:09 - 2014-06-27 06:09 - 00000000 ____D () C:\Users\trth2\AppData\Roaming\VMware
2014-11-17 06:57 - 2012-03-14 06:59 - 00000000 ____D () C:\Users\mantlerl\AppData\Roaming\VMware
2014-11-17 06:55 - 2012-08-17 05:59 - 00000000 ____D () C:\Users\riedln\AppData\Roaming\VMware
2014-11-15 00:08 - 2013-04-25 18:52 - 00000000 ___HD () C:\Backup Exec AOFO Store
2014-11-14 13:01 - 2014-09-18 06:05 - 00000000 ____D () C:\Users\sallmaiera\AppData\Local\Temp\33
2014-11-14 09:19 - 2014-05-27 06:58 - 00000000 ____D () C:\Users\bartalr\Desktop\Schadenmeldungen
2014-11-14 07:40 - 2012-03-14 14:41 - 00000000 ____D () C:\ERE
2014-11-14 06:57 - 2014-06-05 05:55 - 00000000 ____D () C:\Users\bartalr\AppData\Roaming\VMware
2014-11-14 06:55 - 2012-03-22 13:05 - 00000000 ____D () C:\Users\lutzj\AppData\Roaming\VMware
2014-11-13 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-13 16:57 - 2012-01-27 11:18 - 00000000 ____D () C:\Users\Risdata
2014-11-13 16:48 - 2014-10-13 11:52 - 00001483 _____ () C:\Users\Public\Desktop\MOTIONDATA Online Update Manager.lnk
2014-11-13 16:48 - 2014-07-04 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOTIONDATA
2014-11-13 16:45 - 2010-11-21 04:47 - 00052688 _____ () C:\Windows\PFRO.log
2014-11-13 16:12 - 2012-11-13 15:04 - 00000000 ____D () C:\Users\motiondata3
2014-11-13 10:11 - 2014-06-12 13:58 - 00000000 ____D () C:\Users\bartalr\Desktop\REHA-PRUCKNER-UMBAUTEN
2014-11-13 08:30 - 2014-09-01 11:27 - 00000000 ____D () C:\Users\frankd\Desktop\Eigener Ordner
2014-11-13 07:17 - 2014-05-13 12:07 - 00000000 ____D () C:\Users\sallmaiera
2014-11-13 06:57 - 2014-05-13 12:02 - 00000000 ____D () C:\Users\bartalr
2014-11-12 16:59 - 2014-05-13 10:58 - 00000000 ____D () C:\Users\derossie
2014-11-12 11:44 - 2014-05-21 13:10 - 00000000 _____ () C:\Windows\system32\vireng.log
2014-11-12 10:06 - 2012-01-27 13:42 - 00000000 ____D () C:\Users\buscht\WINDOWS
2014-11-12 08:03 - 2014-08-27 12:20 - 00000000 ____D () C:\Users\meisslc
2014-11-12 07:29 - 2014-05-13 12:11 - 00000000 ____D () C:\Users\labp
2014-11-12 07:01 - 2013-01-29 07:04 - 00000000 ____D () C:\Users\pfuntnerv\AppData\Roaming\VMware
2014-11-12 06:59 - 2012-06-14 05:57 - 00000000 ____D () C:\Users\holzmanne.KORTS001LKO\AppData\Roaming\VMware
2014-11-12 06:58 - 2012-07-02 05:58 - 00000000 ____D () C:\Users\wiedermannj\AppData\Roaming\VMware
2014-11-12 06:58 - 2012-03-30 05:58 - 00000000 ____D () C:\Users\schmutzs\AppData\Roaming\VMware
2014-11-11 08:14 - 2012-01-25 11:09 - 00000000 ____D () C:\ProgramData\MOTIONDATA Software GmbH
2014-11-11 06:58 - 2013-02-12 06:59 - 00000000 ____D () C:\Users\ledererb\AppData\Roaming\VMware
2014-11-11 06:57 - 2012-09-28 05:57 - 00000000 ____D () C:\Users\kraftjo\AppData\Roaming\VMware
2014-11-11 06:56 - 2013-03-05 07:01 - 00000000 ____D () C:\Users\radlf\AppData\Roaming\VMware
2014-11-08 09:11 - 2012-01-27 13:58 - 00000000 ____D () C:\Users\osmanovica
2014-11-07 10:25 - 2014-10-14 10:50 - 00000000 ____D () C:\Users\mayerm\Desktop\Fotos Gebrauchtwagen
2014-11-07 08:42 - 2014-08-01 06:16 - 00005144 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-trth2 KORTS001LKO
2014-11-05 07:42 - 2014-09-18 10:26 - 00000950 _____ () C:\Users\Public\Desktop\Ere-Manager.lnk
2014-11-05 07:42 - 2014-08-12 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EurotaxGlass
2014-11-04 18:29 - 2014-10-06 06:23 - 00005144 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-trebv KORTS001LKO
2014-11-04 10:49 - 2013-02-05 15:55 - 00000000 ____D () C:\Users\motiondata4
2014-11-03 06:58 - 2012-01-27 12:03 - 00000000 ____D () C:\Users\schoenweilerd
2014-10-31 06:42 - 2012-01-27 10:33 - 00000000 ____D () C:\Users\ledererb
2014-10-30 08:39 - 2012-01-27 09:55 - 00000000 ____D () C:\Users\schwarzotta
2014-10-30 07:58 - 2012-11-14 13:49 - 00000000 ____D () C:\Users\freymuellerm
2014-10-30 07:56 - 2012-01-27 12:22 - 00000000 ____D () C:\Users\ullreiche
2014-10-30 06:54 - 2012-06-29 14:33 - 00000000 ____D () C:\Users\riedln
2014-10-29 09:47 - 2012-01-27 13:41 - 00000000 ____D () C:\Users\preinreicht
2014-10-29 09:47 - 2012-01-27 13:10 - 00000000 ____D () C:\Users\idingera
2014-10-29 09:44 - 2012-02-13 07:04 - 00000000 ____D () C:\Users\wkoze3
2014-10-29 09:33 - 2012-01-27 12:13 - 00000000 ____D () C:\Users\wwoze1
2014-10-29 09:32 - 2012-03-13 14:46 - 00000000 ____D () C:\Users\buchgraberp
2014-10-29 09:31 - 2012-01-27 13:38 - 00000000 ____D () C:\Users\kraftj
2014-10-29 09:28 - 2012-12-06 13:02 - 00000000 ____D () C:\Users\ebwkjd
2014-10-29 09:27 - 2012-01-27 07:52 - 00000000 ____D () C:\Users\lehnerh
2014-10-29 09:16 - 2013-11-04 08:42 - 00000000 ____D () C:\Users\strell
2014-10-29 09:11 - 2012-02-08 13:07 - 00000000 ____D () C:\Users\wkoze1
2014-10-29 09:09 - 2012-03-01 08:04 - 00000000 ____D () C:\Users\schmoellerla
2014-10-29 09:02 - 2012-01-27 10:12 - 00000000 ____D () C:\Users\zwiebm
2014-10-29 08:57 - 2012-01-27 10:07 - 00000000 ____D () C:\Users\fahrbacha
2014-10-29 08:56 - 2012-01-27 10:10 - 00000000 ____D () C:\Users\mantlerl
2014-10-29 08:55 - 2012-01-27 13:30 - 00000000 ____D () C:\Users\schmutzc
2014-10-29 08:52 - 2012-03-23 07:33 - 00000000 ____D () C:\Users\wittmannh
2014-10-29 08:52 - 2012-01-27 12:17 - 00000000 ____D () C:\Users\fellnerr
2014-10-29 08:45 - 2013-02-11 13:35 - 00000000 ____D () C:\Users\radlf
2014-10-29 08:44 - 2012-01-27 10:05 - 00000000 ____D () C:\Users\schmutzs
2014-10-29 08:43 - 2014-06-18 06:14 - 00000000 ____D () C:\Users\mayerm
2014-10-29 08:43 - 2012-01-27 10:29 - 00000000 ____D () C:\Users\wiedermannj
2014-10-29 08:37 - 2012-04-11 07:38 - 00000000 ____D () C:\Users\holzmanne.KORTS001LKO
2014-10-29 08:34 - 2012-01-27 10:03 - 00000000 ____D () C:\Users\poikc
2014-10-29 08:33 - 2012-01-27 12:16 - 00000000 ____D () C:\Users\lutzj
2014-10-29 08:30 - 2012-05-09 13:27 - 00000000 ____D () C:\Users\stinglt
2014-10-29 08:29 - 2012-01-27 10:28 - 00000000 ____D () C:\Users\buscht
2014-10-29 08:26 - 2012-01-27 10:30 - 00000000 ____D () C:\Users\klausl
2014-10-29 08:21 - 2012-03-29 11:26 - 00000000 ____D () C:\Users\wwoetl1
2014-10-29 08:20 - 2012-01-27 14:03 - 00000000 ____D () C:\Users\penischa
2014-10-29 08:19 - 2012-02-08 13:17 - 00000000 ____D () C:\Users\wkoze2
2014-10-29 08:18 - 2014-05-27 20:19 - 00000000 ____D () C:\Users\trebv
2014-10-29 08:16 - 2012-01-27 12:11 - 00000000 ____D () C:\Users\lahnerj
2014-10-29 07:52 - 2014-07-03 06:48 - 00001912 __RSH () C:\ProgramData\ntuser.pol
2014-10-29 06:55 - 2012-11-09 06:58 - 00000000 ____D () C:\Users\poikc\AppData\Roaming\VMware
2014-10-28 16:07 - 2014-06-30 13:21 - 00000000 ____D () C:\Temp
2014-10-27 11:02 - 2012-05-08 11:01 - 00000000 ____D () C:\Users\wwoetl2
2014-10-27 06:53 - 2012-11-02 07:01 - 00000000 ____D () C:\Users\zwiebm\AppData\Roaming\VMware
2014-10-24 10:19 - 2012-11-06 07:21 - 00001443 _____ () C:\Users\laptopnx63251\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-24 09:21 - 2014-08-20 13:10 - 00097674 _____ () C:\Users\Risdata\Desktop\RG_RISDATA_43.csv
2014-10-24 09:19 - 2013-10-17 13:38 - 00313092 _____ () C:\Users\Risdata\Desktop\RG_RISDATA_18.csv
2014-10-24 05:55 - 2012-04-30 06:03 - 00000000 ____D () C:\Users\fellnerr\AppData\Roaming\VMware
2014-10-23 10:21 - 2013-10-17 13:17 - 00450906 _____ () C:\Users\Risdata\Desktop\RG_RISDATA_8.csv
2014-10-23 05:57 - 2014-10-16 05:59 - 00000000 ____D () C:\Users\ellinger\AppData\Roaming\VMware
2014-10-22 12:40 - 2014-06-18 13:54 - 00000000 ____D () C:\Program Files\Canon
2014-10-22 09:51 - 2013-10-17 14:04 - 00176616 _____ () C:\Users\Risdata\Desktop\RG_RISDATA_34.csv
2014-10-22 06:03 - 2014-09-12 07:17 - 00020070 _____ () C:\Users\Risdata\Desktop\RG_RISDATA_42.csv
2014-10-22 05:53 - 2012-10-08 05:54 - 00000000 ____D () C:\Users\lahnerj\AppData\Roaming\VMware
2014-10-21 11:34 - 2012-10-22 05:57 - 00000000 ____D () C:\Users\wkoze3\AppData\Roaming\VMware

Files to move or delete:
====================
C:\Users\mayerm\TsAllUsr.Dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 05:46

==================== End Of Log ============================
         
--- --- ---


Alt 18.11.2014, 13:17   #6
buchinet
 
Bitcoin Miner c:\windows\logs\logonui.exe - Standard

Bitcoin Miner c:\windows\logs\logonui.exe



ADDITION (SERVER102)
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Administrator at 2014-11-18 12:37:57
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Arbortext IsoView 7.0 (HKLM-x32\...\InstallShield_{FEDCEFC4-62F6-4B71-B37E-11A7CB6BC5F8}) (Version: 7.0.50.03 - PTC)
Arbortext IsoView 7.0 (x32 Version: 7.0.50.03 - PTC) Hidden
Citrix Online Plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (HKLM-x32\...\{8B871377-E4B0-4C39-BB98-EEBE84471911}) (Version: 10.5.0.0 - Business Objects)
Deinst.-Pr. Treib. Canon Generic PCL6 (HKLM\...\Canon Generic PCL6 Driver) (Version: 6, 0, 2, 0 - Canon Inc.)
EBV 4.0.11 Client (HKLM-x32\...\EBV 3.0 Client) (Version: 4.0.11 - )
EBV 4.0.11 DCBT2013 (HKLM-x32\...\EBV 3.0 DCBT) (Version: 4.0.11 - )
EBV 4.0.11 QA-Tool (HKLM-x32\...\EBV 3.0 QAT) (Version: 4.0.11 - )
EBV 4.0.11 Server (HKLM-x32\...\EBV 3.0 Server) (Version: 4.0.11 - )
eKarl 1.0 (HKLM-x32\...\{7D22472A-DF83-4940-BBDD-9C4B0EB073C9}) (Version: 1.0.7 - LacusMedia)
Eurotax ERE Daten (A) (HKLM-x32\...\Eurotax ERE Daten (A)) (Version:  - Eurotax)
Eurotax ERE Daten (A) (x32 Version: 2014.11 - Eurotax) Hidden
EurotaxGlass ERE Full AT (HKLM-x32\...\{CAC23ACE-8971-4578-9F3D-7B7E9ACDBA9C}) (Version: 14.07.21 - EurotaxGlass's International AG)
EurotaxGlass ERE Full AT (HKLM-x32\...\{DFD33255-2AE3-424D-94FB-839FE9FA80EA}) (Version: 14.10.17 - EurotaxGlass's International AG)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
GDR 1617 für SQL Server 2008 R2 (KB2494088) (64-bit) (HKLM\...\KB2494088) (Version: 10.50.1617.0 - Microsoft Corporation)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
Halliburton LogView Pro (HKLM-x32\...\InstallShield_{3516B385-C71A-41F8-9B79-E653DC2A693D}) (Version: 9.7.5 - Halliburton)
Halliburton LogView Pro (x32 Version: 9.7.5 - Halliburton) Hidden
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8343C2D8-09DF-38B3-9D1A-A26148918E45}.KB947789) (Version: 1 - Microsoft Corporation)
HSB-Fenster V1.8 Stabil (HKLM-x32\...\HSBFensterS1.8_is1) (Version:  - IDAS GmbH)
ICOP Server (HKLM-x32\...\{B2773E92-34FD-4A79-9704-AD72379FA249}) (Version: 3.6.5 - General Motors)
Image Plugin (HKLM-x32\...\{54746B77-3873-4D13-9803-AE370FE987AA}) (Version: 3.07.0000 - Snap-on Business Solutions)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Codec Pack 4.3.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.3.4 - )
KSR Service Setup (HKLM-x32\...\{E525A445-AA1B-4CD6-8225-0E9DA8383486}) (Version: 1.00.0001 - KSR)
MD_OpelGarantieSetup (HKLM-x32\...\{D6781964-3659-4782-9866-154F2E9AE641}) (Version: 1.0.0 - MOTIONDATA Software GmbH)
MetaWeb (HKLM-x32\...\{73DE96F9-C03B-4FF4-A027-FFBF6B087EBD}) (Version: 3.2.0.2 - CGM Technology Services)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0407-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{362A3FDF-B12E-436A-9097-1B795A9FFCC5}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}) (Version: 10.50.1617.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Richtlinien (HKLM-x32\...\{78033A38-50E2-4A65-823F-C1B34DF9FE41}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools DEU (HKLM-x32\...\{3888A22E-1A9E-4DBE-A93B-42385141F37D}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8343C2D8-09DF-38B3-9D1A-A26148918E45}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Works 2000 (HKLM-x32\...\{56364334-9530-11D2-BFFC-00C04FA329AA}) (Version: 1.0.0.0000 - Microsoft Corporation)
MOTIONDATA Client (Korneuburg) (HKLM-x32\...\{B9D3C5FC-2927-4F5F-9457-473E63F9F1A5}) (Version: 6.4.0.23 - MOTIONDATA Software GmbH)
MOTIONDATA Configurator (HKLM-x32\...\{4268B2D6-05F9-4B0D-AFAE-51D7E415DC9B}_is1) (Version: 3.0.12.17 - MOTIONDATA Software GmbH)
MOTIONDATA Lagermann WebService (HKLM-x32\...\{4BE419A8-6672-44BD-9C6B-546A6C56C3F3}_is1) (Version: 1.0.42.49 - MOTIONDATA Software GmbH)
MOTIONDATA Online Update Manager (HKLM-x32\...\{5291704F-8C11-43F2-A20F-3BE420E1BF7E}_is1) (Version: 3.1.53.56 - MOTIONDATA Software GmbH)
MOTIONDATA Task Controller (HKLM-x32\...\{7776928B-28CB-4CD4-BBFD-A32EE22379BC}_is1) (Version: 2.0.190.176 - MOTIONDATA Software GmbH)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PowerTerm 525 (HKLM-x32\...\{381DE44F-DD0B-467A-A19F-AD30C1B7AC23}) (Version:  - )
Projector3 Web Module GM_AT (HKLM-x32\...\P3WebClient_GM_AT_is1) (Version: 3.3.23.488 - ASE Ltd)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM-x32\...\{FBAB5DC0-657B-424F-BE58-07DEFF68917C}) (Version: 13.0.5.891 - SAP)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.11 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.4.81 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
SQL Server 2008 R2 Client Tools (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Integration Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Symantec Backup Exec Remote Agent for Windows (HKLM\...\Remote Agent for Windows Servers) (Version: 14.0.1798 - Symantec Corporation)
Symantec Backup Exec Remote Agent for Windows (Version: 14.0.1798 - Symantec Corporation) Hidden
TIFF Viewer Plugin (HKLM-x32\...\TIFF Viewer Plugin) (Version:  - )
TIS2WebProxy (HKLM-x32\...\TIS2WebProxy) (Version: 1.0.61.0 - Eoos Technologies GmbH)
Unity Web Player (HKU\S-1-5-21-3877106004-1846325829-2574108814-1022\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Valuation (HKLM-x32\...\Valuation) (Version: 3.6.3 - KSR EDV Ing. Büro GmbH)
Valuation (x32 Version: 3.6.3 - KSR EDV Ing. Büro GmbH) Hidden
VMware Tools (HKLM\...\{A5CD39D8-F8A7-494F-9357-878A4AB6537F}) (Version: 8.6.0.6261 - VMware, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3877106004-1846325829-2574108814-1101_Classes\CLSID\{C80EA54D-7551-432A-9F09-56E22095CA95}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3877106004-1846325829-2574108814-1102_Classes\CLSID\{1406F00D-87C7-40DC-84A1-B5321CB258EC}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3877106004-1846325829-2574108814-1103_Classes\CLSID\{31CE3587-8BC4-40F9-AA32-A0DC8D836690}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3877106004-1846325829-2574108814-1103_Classes\CLSID\{F4D3FC31-D6FA-4B3C-9342-91CF3A3BF620}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3877106004-1846325829-2574108814-1123_Classes\CLSID\{2371BE4D-6ED7-452A-8E6F-A1262652ECD9}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3877106004-1846325829-2574108814-1123_Classes\CLSID\{8E93D1F2-34AD-432D-A2B8-1299A884A274}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3877106004-1846325829-2574108814-1123_Classes\CLSID\{924546E9-327C-4FC6-AD87-F8D57127B49E}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-07-08 11:02 - 00000866 ____A C:\Windows\system32\Drivers\etc\hosts
23.209.155.144  tis2web.service.gm.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A16D9D7-FA6F-420F-B7D9-05B207A1AC19} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-frankd KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {0A4FD260-74D1-4DCA-AD3B-F7223F755E44} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-derossie KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {1FE7E32C-93EC-45D0-998D-03D6282BC166} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-trebv KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {24C7A005-AF32-4656-83B7-D04ED63E26BF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {4D1E89AE-2343-4527-83F3-1479C5EAB956} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-sallmaiera KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {607C3F60-1663-48DD-B0D9-82EF92C1C2B3} - System32\Tasks\Neue zeitgesteuerte Überprüfung => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2014-05-20] (Sophos Limited)
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-21] (Microsoft Corporation)
Task: {7B7EB432-A7C0-403D-9F8E-F9EA7793BB3D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-labp KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {7D462D37-A898-41AE-BC5F-18232B37E942} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8403671D-70F6-4F8B-AA38-E8E1B0A86A85} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-bartalr KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {873826E4-88B5-4A33-97A5-31F92C8C9569} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-kloiberc KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {8C0F60BC-61CA-42BC-B708-D90FC6A3E6EA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-Test3 KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {8F86DED8-9288-4A65-A5D3-9D3D0C1FE889} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-Risdata KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {A342AE8E-D4A9-45C2-9E36-EAB5FD159DCF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-waschulinf KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {A9A27AC7-388B-422A-8DB7-0BF0D04604DE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-buchgraberp KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {AC53D80D-9EFC-48DF-B5E2-2397C99E151B} - System32\Tasks\{B288967F-2FC7-48C1-9377-D05F8C4312D5} => D:\HSB\Stabil18\HSB18.exe [2014-03-12] ()
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-21] (Microsoft Corporation)
Task: {C4F5D869-0A11-4204-ACB4-2133D9BEAD4C} - System32\Tasks\{E892D409-8872-4A25-BDB2-D3398799E69A} => D:\HSB\Stabil18\HSB18.exe [2014-03-12] ()
Task: {C72D78F7-A100-4729-B4B0-16D308FAB035} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-trth2 KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-21] (Microsoft Corporation)
Task: {D6A68324-69BF-49E5-826B-EE4E1E50C67E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KORTS001LKO-meisslc KORTS001LKO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {ED4263D5-5B87-4755-8379-D566168251F2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {EE319103-FF84-4512-A942-85960C956A7F} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [2010-11-21] (Microsoft Corporation)
Task: {FBE2129E-54D2-4E6E-9D75-9BE14F53D41B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: C:\Windows\Tasks\Neue zeitgesteuerte Überprüfung.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe

==================== Loaded Modules (whitelisted) =============

2012-03-30 13:31 - 2012-03-30 13:31 - 00087704 _____ () C:\Windows\System32\PDVFSNP.dll
2014-09-19 10:59 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-07-04 08:09 - 2014-07-03 09:23 - 00116000 _____ () C:\Program Files (x86)\MOTIONDATA\MD Task Controller\MD_Task_Controller_Service.exe
2011-06-07 07:49 - 2011-06-07 07:49 - 00077824 _____ () C:\Program Files\VMware\VMware Tools\sigc-2.0.dll
2011-06-07 07:48 - 2011-06-07 07:48 - 00780400 _____ () C:\Program Files\VMware\VMware Tools\glibmm-2.4.dll
2014-06-26 08:07 - 2014-06-26 08:07 - 00013312 _____ () C:\Program Files (x86)\Mesensky\EBV 4.0\Client\client.startup.exe
2014-06-26 15:07 - 2003-11-25 16:33 - 01536000 _____ () C:\PTW525\pt525.exe
2014-06-26 08:07 - 2014-06-26 08:07 - 00028672 _____ () C:\Program Files (x86)\Mesensky\EBV 4.0\Server\server.exe
2014-09-18 02:32 - 2014-09-18 02:32 - 06088704 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\client\8a08fe2f45a8dd1e03c43f3d2860274b\client.ni.dll
2014-09-18 02:33 - 2014-09-18 02:33 - 03333632 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\kernel\baa0d32983b1a7ad2f318464cb9e9200\kernel.ni.dll
2014-09-18 02:33 - 2014-09-18 02:33 - 00100864 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\FtpClient\f4202f1e78589b7cc74c312607ae7c82\FtpClient.ni.dll
2014-09-18 02:33 - 2014-09-18 02:33 - 00062976 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\updater\36ac0f53a7eebb899332bda393325409\updater.ni.dll
2014-09-18 02:32 - 2014-09-18 02:32 - 00051200 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\DDE\5512cda3e0bc8fe87a909e3a5a33154b\DDE.ni.dll
2014-09-18 02:33 - 2014-09-18 02:33 - 00193536 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\statistic\2770283c9df06288951d26862a4b4896\statistic.ni.dll
2014-01-23 14:55 - 2014-01-23 14:55 - 01030312 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2014-01-23 14:55 - 2014-01-23 14:55 - 00321704 _____ () C:\Program Files (x86)\Microsoft Office\Office15\msfad.dll
2014-04-15 12:11 - 2014-04-15 12:11 - 00125096 _____ () C:\Program Files (x86)\Microsoft Office\Office15\OUTLCTL.DLL
2012-09-17 22:48 - 2012-09-17 22:48 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2012-09-17 22:48 - 2012-09-17 22:48 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2012-09-17 22:48 - 2012-09-17 22:48 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
2012-09-17 22:48 - 2012-09-17 22:48 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
2012-09-17 22:48 - 2012-09-17 22:48 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2012-09-17 22:48 - 2012-09-17 22:48 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2012-09-17 22:48 - 2012-09-17 22:48 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2012-09-17 22:48 - 2012-09-17 22:48 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2012-09-17 22:48 - 2012-09-17 22:48 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2012-09-17 22:48 - 2012-09-17 22:48 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2012-09-17 22:48 - 2012-09-17 22:48 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
2014-06-26 15:07 - 2002-11-24 18:02 - 00269824 _____ () C:\PTW525\PT525DE.DLL
2014-05-08 12:21 - 2014-05-08 12:21 - 00312832 _____ () C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.DEU
2014-05-08 12:21 - 2014-05-08 12:21 - 00057344 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU
2014-05-28 07:49 - 2014-05-28 07:49 - 09496576 _____ () C:\Users\trebv\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
2012-07-27 21:51 - 2012-07-27 21:51 - 06549432 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\authplay.dll
2014-05-28 07:49 - 2014-05-28 07:49 - 03066880 _____ () C:\Users\trebv\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU
2014-05-08 12:21 - 2014-05-08 12:21 - 00305520 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2014-05-28 08:13 - 2014-05-28 08:13 - 00014336 _____ () C:\Users\trebv\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
2007-01-20 19:07 - 2007-01-20 19:07 - 00032768 _____ () C:\Program Files (x86)\Ematek\MetaWeb\MetaBHO.dll
2014-09-18 02:34 - 2014-09-18 02:34 - 03333632 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\kernel\38b7e957722962189cd5c32a858d6b39\kernel.ni.dll
2014-09-18 02:34 - 2014-09-18 02:34 - 00062976 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\updater\1969e100b91f863a9508110143341a1e\updater.ni.dll
2014-09-18 02:34 - 2014-09-18 02:34 - 00100864 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\FtpClient\44ba9c8163b7d4c185d3dd62ea9a0d31\FtpClient.ni.dll
2014-09-18 02:34 - 2014-09-18 02:34 - 00193536 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\statistic\393408646ea49e69f12ec66b0bf13464\statistic.ni.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-09-18 02:33 - 2014-09-18 02:33 - 00493056 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\LinqBridge\00c5e60cf2564c9e43c950640425ae8c\LinqBridge.ni.dll
2014-09-18 02:34 - 2014-09-18 02:34 - 06088704 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\client\82365fa32f5e9b11d6909d4a329327dc\client.ni.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3877106004-1846325829-2574108814-500 - Administrator - Enabled) => C:\Users\Administrator
antls (S-1-5-21-3877106004-1846325829-2574108814-1049 - Limited - Enabled) => C:\Users\antls
bartalr (S-1-5-21-3877106004-1846325829-2574108814-1102 - Limited - Enabled) => C:\Users\bartalr
beerhj (S-1-5-21-3877106004-1846325829-2574108814-1047 - Limited - Enabled) => C:\Users\beerhj
binderm (S-1-5-21-3877106004-1846325829-2574108814-1121 - Limited - Enabled) => C:\Users\binderm
blehap (S-1-5-21-3877106004-1846325829-2574108814-1068 - Limited - Enabled) => C:\Users\blehap
brandstetterh (S-1-5-21-3877106004-1846325829-2574108814-1063 - Limited - Enabled) => C:\Users\brandstetterh.KORTS001LKO
breitse (S-1-5-21-3877106004-1846325829-2574108814-1089 - Limited - Enabled) => C:\Users\breitse
buchgraberp (S-1-5-21-3877106004-1846325829-2574108814-1058 - Administrator - Enabled) => C:\Users\buchgraberp
buscht (S-1-5-21-3877106004-1846325829-2574108814-1014 - Limited - Enabled) => C:\Users\buscht
derossie (S-1-5-21-3877106004-1846325829-2574108814-1101 - Limited - Enabled) => C:\Users\derossie
ebwkjd (S-1-5-21-3877106004-1846325829-2574108814-1082 - Limited - Enabled) => C:\Users\ebwkjd
ehrentrautw (S-1-5-21-3877106004-1846325829-2574108814-1002 - Administrator - Enabled) => C:\Users\ehrentrautw
ellinger (S-1-5-21-3877106004-1846325829-2574108814-1124 - Limited - Enabled) => C:\Users\ellinger
fahrbacha (S-1-5-21-3877106004-1846325829-2574108814-1021 - Limited - Enabled) => C:\Users\fahrbacha
fellnerr (S-1-5-21-3877106004-1846325829-2574108814-1029 - Limited - Enabled) => C:\Users\fellnerr
frankd (S-1-5-21-3877106004-1846325829-2574108814-1122 - Limited - Enabled) => C:\Users\frankd
freymuellerm (S-1-5-21-3877106004-1846325829-2574108814-1016 - Limited - Enabled) => C:\Users\freymuellerm
Gast (S-1-5-21-3877106004-1846325829-2574108814-501 - Limited - Disabled)
goestld (S-1-5-21-3877106004-1846325829-2574108814-1009 - Limited - Enabled) => C:\Users\goestld
goestlm (S-1-5-21-3877106004-1846325829-2574108814-1023 - Limited - Enabled) => C:\Users\goestlm
hasukic (S-1-5-21-3877106004-1846325829-2574108814-1090 - Limited - Enabled) => C:\Users\hasukic
holzmanne (S-1-5-21-3877106004-1846325829-2574108814-1065 - Limited - Enabled) => C:\Users\holzmanne.KORTS001LKO
idingera (S-1-5-21-3877106004-1846325829-2574108814-1011 - Limited - Enabled) => C:\Users\idingera
kandlerh (S-1-5-21-3877106004-1846325829-2574108814-1027 - Limited - Enabled) => C:\Users\kandlerh
klausl (S-1-5-21-3877106004-1846325829-2574108814-1012 - Limited - Enabled) => C:\Users\klausl
kloiberc (S-1-5-21-3877106004-1846325829-2574108814-1003 - Limited - Enabled) => C:\Users\kloiberc
koro (S-1-5-21-3877106004-1846325829-2574108814-1086 - Limited - Enabled) => C:\Users\koro
kraftj (S-1-5-21-3877106004-1846325829-2574108814-1006 - Limited - Enabled) => C:\Users\kraftj
kraftjo (S-1-5-21-3877106004-1846325829-2574108814-1046 - Limited - Enabled) => C:\Users\kraftjo
kuselb (S-1-5-21-3877106004-1846325829-2574108814-1083 - Limited - Enabled)
labp (S-1-5-21-3877106004-1846325829-2574108814-1106 - Limited - Enabled) => C:\Users\labp
lahnerj (S-1-5-21-3877106004-1846325829-2574108814-1035 - Limited - Enabled) => C:\Users\lahnerj
laptopnx63251 (S-1-5-21-3877106004-1846325829-2574108814-1079 - Limited - Enabled) => C:\Users\laptopnx63251
ledererb (S-1-5-21-3877106004-1846325829-2574108814-1022 - Limited - Enabled) => C:\Users\ledererb
lehnerh (S-1-5-21-3877106004-1846325829-2574108814-1036 - Limited - Enabled) => C:\Users\lehnerh
lenovoEB (S-1-5-21-3877106004-1846325829-2574108814-1081 - Limited - Enabled) => C:\Users\lenovoEB
lunzerc (S-1-5-21-3877106004-1846325829-2574108814-1085 - Limited - Enabled) => C:\Users\lunzer
lutzj (S-1-5-21-3877106004-1846325829-2574108814-1028 - Limited - Enabled) => C:\Users\lutzj
maisserm (S-1-5-21-3877106004-1846325829-2574108814-1007 - Limited - Enabled) => C:\Users\maisserm
mantlerl (S-1-5-21-3877106004-1846325829-2574108814-1018 - Limited - Enabled) => C:\Users\mantlerl
mayerm (S-1-5-21-3877106004-1846325829-2574108814-1117 - Limited - Enabled) => C:\Users\mayerm
mdtaskcont (S-1-5-21-3877106004-1846325829-2574108814-1120 - Administrator - Enabled) => C:\Users\mdtaskcont
meisslc (S-1-5-21-3877106004-1846325829-2574108814-1123 - Limited - Enabled) => C:\Users\meisslc
motiondata (S-1-5-21-3877106004-1846325829-2574108814-1042 - Administrator - Enabled) => C:\Users\motiondata
motiondata1 (S-1-5-21-3877106004-1846325829-2574108814-1076 - Administrator - Enabled) => C:\Users\motiondata1
motiondata2 (S-1-5-21-3877106004-1846325829-2574108814-1050 - Administrator - Enabled) => C:\Users\motiondata2
motiondata3 (S-1-5-21-3877106004-1846325829-2574108814-1077 - Administrator - Enabled) => C:\Users\motiondata3
motiondata4 (S-1-5-21-3877106004-1846325829-2574108814-1078 - Administrator - Enabled) => C:\Users\motiondata4
MOTIONDATA5 (S-1-5-21-3877106004-1846325829-2574108814-1087 - Administrator - Enabled) => C:\Users\MOTIONDATA5
musels (S-1-5-21-3877106004-1846325829-2574108814-1075 - Limited - Enabled) => C:\Users\musels
osmanovica (S-1-5-21-3877106004-1846325829-2574108814-1024 - Limited - Enabled) => C:\Users\osmanovica
penischa (S-1-5-21-3877106004-1846325829-2574108814-1025 - Limited - Enabled) => C:\Users\penischa
pernoldh (S-1-5-21-3877106004-1846325829-2574108814-1031 - Limited - Enabled) => C:\Users\pernoldh
pfuntnerv (S-1-5-21-3877106004-1846325829-2574108814-1004 - Limited - Enabled) => C:\Users\pfuntnerv
poikc (S-1-5-21-3877106004-1846325829-2574108814-1020 - Limited - Enabled) => C:\Users\poikc
preinreicht (S-1-5-21-3877106004-1846325829-2574108814-1008 - Limited - Enabled) => C:\Users\preinreicht
radlf (S-1-5-21-3877106004-1846325829-2574108814-1088 - Limited - Enabled) => C:\Users\radlf
riedln (S-1-5-21-3877106004-1846325829-2574108814-1069 - Limited - Enabled) => C:\Users\riedln
Risdata (S-1-5-21-3877106004-1846325829-2574108814-1044 - Administrator - Enabled) => C:\Users\Risdata
RWA (S-1-5-21-3877106004-1846325829-2574108814-1130 - Limited - Enabled)
sallmaiera (S-1-5-21-3877106004-1846325829-2574108814-1103 - Limited - Enabled) => C:\Users\sallmaiera
schachld (S-1-5-21-3877106004-1846325829-2574108814-1064 - Limited - Enabled)
schmoellerla (S-1-5-21-3877106004-1846325829-2574108814-1056 - Limited - Enabled) => C:\Users\schmoellerla
schmutzc (S-1-5-21-3877106004-1846325829-2574108814-1010 - Limited - Enabled) => C:\Users\schmutzc
schmutzs (S-1-5-21-3877106004-1846325829-2574108814-1019 - Limited - Enabled) => C:\Users\schmutzs
schoenweilerd (S-1-5-21-3877106004-1846325829-2574108814-1033 - Limited - Enabled) => C:\Users\schoenweilerd
schwarzotta (S-1-5-21-3877106004-1846325829-2574108814-1026 - Limited - Enabled) => C:\Users\schwarzotta
sommera (S-1-5-21-3877106004-1846325829-2574108814-1005 - Limited - Enabled) => C:\Users\sommera
SophosSAUKORTS001LK0 (S-1-5-21-3877106004-1846325829-2574108814-1051 - Limited - Enabled)
stinglt (S-1-5-21-3877106004-1846325829-2574108814-1060 - Limited - Enabled) => C:\Users\stinglt
strell (S-1-5-21-3877106004-1846325829-2574108814-1096 - Administrator - Enabled) => C:\Users\strell
Test (S-1-5-21-3877106004-1846325829-2574108814-1119 - Limited - Disabled) => C:\Users\Test
Test3 (S-1-5-21-3877106004-1846325829-2574108814-1128 - Limited - Enabled) => C:\Users\Test3
test4 (S-1-5-21-3877106004-1846325829-2574108814-1129 - Limited - Enabled) => C:\Users\test4
theilm (S-1-5-21-3877106004-1846325829-2574108814-1059 - Limited - Enabled) => C:\Users\theilm
trebv (S-1-5-21-3877106004-1846325829-2574108814-1115 - Limited - Enabled) => C:\Users\trebv
trth1 (S-1-5-21-3877106004-1846325829-2574108814-1099 - Limited - Enabled) => C:\Users\trth1
trth2 (S-1-5-21-3877106004-1846325829-2574108814-1098 - Limited - Enabled) => C:\Users\trth2
trzeit (S-1-5-21-3877106004-1846325829-2574108814-1108 - Limited - Enabled) => C:\Users\trzeit
ullreiche (S-1-5-21-3877106004-1846325829-2574108814-1034 - Limited - Enabled) => C:\Users\ullreiche
waschulinf (S-1-5-21-3877106004-1846325829-2574108814-1097 - Limited - Enabled) => C:\Users\waschulinf
webze1 (S-1-5-21-3877106004-1846325829-2574108814-1039 - Limited - Enabled) => C:\Users\webze1
webze2 (S-1-5-21-3877106004-1846325829-2574108814-1045 - Limited - Enabled) => C:\Users\webze2
wernardp (S-1-5-21-3877106004-1846325829-2574108814-1030 - Limited - Enabled) => C:\Users\wernardp
wiedermannj (S-1-5-21-3877106004-1846325829-2574108814-1013 - Limited - Enabled) => C:\Users\wiedermannj
wittmannh (S-1-5-21-3877106004-1846325829-2574108814-1061 - Limited - Enabled) => C:\Users\wittmannh
wkoze1 (S-1-5-21-3877106004-1846325829-2574108814-1037 - Limited - Enabled) => C:\Users\wkoze1
wkoze2 (S-1-5-21-3877106004-1846325829-2574108814-1038 - Limited - Enabled) => C:\Users\wkoze2
wkoze3 (S-1-5-21-3877106004-1846325829-2574108814-1048 - Limited - Enabled) => C:\Users\wkoze3
wkoze4 (S-1-5-21-3877106004-1846325829-2574108814-1057 - Limited - Enabled) => C:\Users\wkoze4
wktablet (S-1-5-21-3877106004-1846325829-2574108814-1074 - Limited - Enabled) => C:\Users\wktablet
wwoetl1 (S-1-5-21-3877106004-1846325829-2574108814-1062 - Limited - Enabled) => C:\Users\wwoetl1
wwoetl2 (S-1-5-21-3877106004-1846325829-2574108814-1066 - Limited - Enabled) => C:\Users\wwoetl2
wwoetl3 (S-1-5-21-3877106004-1846325829-2574108814-1067 - Limited - Enabled) => C:\Users\wwoetl3
wwoze1 (S-1-5-21-3877106004-1846325829-2574108814-1040 - Limited - Enabled) => C:\Users\wwoze1
zwiebm (S-1-5-21-3877106004-1846325829-2574108814-1017 - Limited - Enabled) => C:\Users\zwiebm

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 00:01:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vmtoolsd.exe, Version: 8.6.0.6261, Zeitstempel: 0x4dee27c3
Name des fehlerhaften Moduls: unity.dll, Version: 8.6.0.6261, Zeitstempel: 0x4dee27f9
Ausnahmecode: 0xc0000094
Fehleroffset: 0x0000000000010408
ID des fehlerhaften Prozesses: 0x3e84
Startzeit der fehlerhaften Anwendung: 0xvmtoolsd.exe0
Pfad der fehlerhaften Anwendung: vmtoolsd.exe1
Pfad des fehlerhaften Moduls: vmtoolsd.exe2
Berichtskennung: vmtoolsd.exe3

Error: (11/18/2014 09:37:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vmtoolsd.exe, Version: 8.6.0.6261, Zeitstempel: 0x4dee27c3
Name des fehlerhaften Moduls: unity.dll, Version: 8.6.0.6261, Zeitstempel: 0x4dee27f9
Ausnahmecode: 0xc0000094
Fehleroffset: 0x0000000000010408
ID des fehlerhaften Prozesses: 0x18a4
Startzeit der fehlerhaften Anwendung: 0xvmtoolsd.exe0
Pfad der fehlerhaften Anwendung: vmtoolsd.exe1
Pfad des fehlerhaften Moduls: vmtoolsd.exe2
Berichtskennung: vmtoolsd.exe3

Error: (11/18/2014 08:13:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOTIONDATA Configurator Service.exe, Version: 1.0.12.17, Zeitstempel: 0x53708bd1
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x6710
Startzeit der fehlerhaften Anwendung: 0xMOTIONDATA Configurator Service.exe0
Pfad der fehlerhaften Anwendung: MOTIONDATA Configurator Service.exe1
Pfad des fehlerhaften Moduls: MOTIONDATA Configurator Service.exe2
Berichtskennung: MOTIONDATA Configurator Service.exe3

Error: (11/18/2014 08:13:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOTIONDATA Configurator Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei MOTIONDATA_Configurator_Service.Service.Receive(System.Object)
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (11/18/2014 08:10:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOTIONDATA Configurator Service.exe, Version: 1.0.12.17, Zeitstempel: 0x53708bd1
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x7568
Startzeit der fehlerhaften Anwendung: 0xMOTIONDATA Configurator Service.exe0
Pfad der fehlerhaften Anwendung: MOTIONDATA Configurator Service.exe1
Pfad des fehlerhaften Moduls: MOTIONDATA Configurator Service.exe2
Berichtskennung: MOTIONDATA Configurator Service.exe3

Error: (11/18/2014 08:10:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOTIONDATA Configurator Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei MOTIONDATA_Configurator_Service.Service.Receive(System.Object)
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (11/18/2014 08:07:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOTIONDATA Configurator Service.exe, Version: 1.0.12.17, Zeitstempel: 0x53708bd1
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x6dc8
Startzeit der fehlerhaften Anwendung: 0xMOTIONDATA Configurator Service.exe0
Pfad der fehlerhaften Anwendung: MOTIONDATA Configurator Service.exe1
Pfad des fehlerhaften Moduls: MOTIONDATA Configurator Service.exe2
Berichtskennung: MOTIONDATA Configurator Service.exe3

Error: (11/18/2014 08:07:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOTIONDATA Configurator Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei MOTIONDATA_Configurator_Service.Service.Receive(System.Object)
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (11/18/2014 08:04:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MOTIONDATA Configurator Service.exe, Version: 1.0.12.17, Zeitstempel: 0x53708bd1
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1e40
Startzeit der fehlerhaften Anwendung: 0xMOTIONDATA Configurator Service.exe0
Pfad der fehlerhaften Anwendung: MOTIONDATA Configurator Service.exe1
Pfad des fehlerhaften Moduls: MOTIONDATA Configurator Service.exe2
Berichtskennung: MOTIONDATA Configurator Service.exe3

Error: (11/18/2014 08:04:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOTIONDATA Configurator Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei MOTIONDATA_Configurator_Service.Service.Receive(System.Object)
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)


System errors:
=============
Error: (11/18/2014 00:42:36 PM) (Source: TermDD) (EventID: 56) (User: )
Description: Von der Terminalserver-Sicherheitsschicht wurde ein Fehler im Protokollablauf erkannt, und die Clientverbindung wurde getrennt.
Client-IP: 10.246.143.35.

Error: (11/18/2014 11:28:39 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker Epson LQ-570+ ESC/P 2 erforderliche Treiber Epson LQ-570+ ESC/P 2 ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/18/2014 11:28:38 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker NRG 1305 f/1308 F/1302f PCL 6 erforderliche Treiber NRG 1305 f/1308 F/1302f PCL 6 ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/18/2014 11:23:30 AM) (Source: TermDD) (EventID: 56) (User: )
Description: Von der Terminalserver-Sicherheitsschicht wurde ein Fehler im Protokollablauf erkannt, und die Clientverbindung wurde getrennt.
Client-IP: 10.246.143.35.

Error: (11/18/2014 10:49:49 AM) (Source: TermDD) (EventID: 56) (User: )
Description: Von der Terminalserver-Sicherheitsschicht wurde ein Fehler im Protokollablauf erkannt, und die Clientverbindung wurde getrennt.
Client-IP: 10.246.140.53.

Error: (11/18/2014 09:51:25 AM) (Source: TermDD) (EventID: 56) (User: )
Description: Von der Terminalserver-Sicherheitsschicht wurde ein Fehler im Protokollablauf erkannt, und die Clientverbindung wurde getrennt.
Client-IP: 10.246.143.35.

Error: (11/18/2014 08:29:22 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker hp deskjet 940c erforderliche Treiber hp deskjet 940c ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/18/2014 08:29:21 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker HP LaserJet P3010 Series PCL 6 erforderliche Treiber HP LaserJet P3010 Series PCL 6 ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/18/2014 08:29:20 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker HP LaserJet P3005 PCL 6 erforderliche Treiber HP LaserJet P3005 PCL 6 ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error: (11/18/2014 08:29:19 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Der für den Drucker HP Deskjet 5900 Series erforderliche Treiber HP Deskjet 5900 Series ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.


Microsoft Office Sessions:
=========================
Error: (11/18/2014 00:01:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vmtoolsd.exe8.6.0.62614dee27c3unity.dll8.6.0.62614dee27f9c000009400000000000104083e8401d002f503e81bebC:\Program Files\VMware\VMware Tools\vmtoolsd.exeC:\Program Files\VMware\VMware Tools\plugins\vmusr\unity.dll42d98381-6f12-11e4-8d4e-000c2989903f

Error: (11/18/2014 09:37:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vmtoolsd.exe8.6.0.62614dee27c3unity.dll8.6.0.62614dee27f9c0000094000000000001040818a401d002f34682a0c5C:\Program Files\VMware\VMware Tools\vmtoolsd.exeC:\Program Files\VMware\VMware Tools\plugins\vmusr\unity.dll12d811fa-6efe-11e4-8d4e-000c2989903f

Error: (11/18/2014 08:13:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MOTIONDATA Configurator Service.exe1.0.12.1753708bd1KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d671001d002ff2dbc1c74C:\Program Files (x86)\MOTIONDATA\MD Configurator\Service\MOTIONDATA Configurator Service.exeC:\Windows\syswow64\KERNELBASE.dll6c309c7d-6ef2-11e4-8d4e-000c2989903f

Error: (11/18/2014 08:13:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOTIONDATA Configurator Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei MOTIONDATA_Configurator_Service.Service.Receive(System.Object)
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (11/18/2014 08:10:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MOTIONDATA Configurator Service.exe1.0.12.1753708bd1KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d756801d002fec22d603bC:\Program Files (x86)\MOTIONDATA\MD Configurator\Service\MOTIONDATA Configurator Service.exeC:\Windows\syswow64\KERNELBASE.dllfff67bc2-6ef1-11e4-8d4e-000c2989903f

Error: (11/18/2014 08:10:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOTIONDATA Configurator Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei MOTIONDATA_Configurator_Service.Service.Receive(System.Object)
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (11/18/2014 08:07:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MOTIONDATA Configurator Service.exe1.0.12.1753708bd1KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d6dc801d002fe566e0fccC:\Program Files (x86)\MOTIONDATA\MD Configurator\Service\MOTIONDATA Configurator Service.exeC:\Windows\syswow64\KERNELBASE.dll94692894-6ef1-11e4-8d4e-000c2989903f

Error: (11/18/2014 08:07:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOTIONDATA Configurator Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei MOTIONDATA_Configurator_Service.Service.Receive(System.Object)
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (11/18/2014 08:04:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MOTIONDATA Configurator Service.exe1.0.12.1753708bd1KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d1e4001d002fdeaa1d24aC:\Program Files (x86)\MOTIONDATA\MD Configurator\Service\MOTIONDATA Configurator Service.exeC:\Windows\syswow64\KERNELBASE.dll286aed76-6ef1-11e4-8d4e-000c2989903f

Error: (11/18/2014 08:04:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: MOTIONDATA Configurator Service.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.Net.Sockets.SocketException
Stapel:
   bei System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType, System.Net.Sockets.ProtocolType)
   bei MOTIONDATA_Configurator_Service.Service.Receive(System.Object)
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart(System.Object)


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E5649 @ 2.53GHz
Percentage of memory in use: 70%
Total physical RAM: 16383.55 MB
Available physical RAM: 4897.51 MB
Total Pagefile: 32765.29 MB
Available Pagefile: 18910.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.9 GB) (Free:13.7 GB) NTFS
Drive d: (Data) (Fixed) (Total:100 GB) (Free:63.07 GB) NTFS
Drive m: () (Network) (Total:546.75 GB) (Free:260.84 GB) 

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: A912706F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 100 GB) (Disk ID: 615C7B0F)
Partition 1: (Not Active) - (Size=100 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 19.11.2014, 08:31   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Bitcoin Miner c:\windows\logs\logonui.exe - Standard

Bitcoin Miner c:\windows\logs\logonui.exe



Seh ich ja jetzt erst. Server? Firma? Keine eigene IT Abteilung? Besondere Regeln dazu gelesen?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.11.2014, 16:23   #8
buchinet
 
Bitcoin Miner c:\windows\logs\logonui.exe - Standard

Bitcoin Miner c:\windows\logs\logonui.exe



ja firma.
wir haben eine IT - das bin ich, die ein man IT Abteilung. - nur macht werde ich diesen Virus nicht los. deswegen habe ich nach hilfe gesucht.

Alt 20.11.2014, 09:37   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Bitcoin Miner c:\windows\logs\logonui.exe - Standard

Bitcoin Miner c:\windows\logs\logonui.exe



Und deine Firma weiß dass Du hier nach Hillfe fragst und Logfiles postest?

Ich will mit Sicherheit nicht den Spielverderber machen, aber das muss geklärt sein, sonst gibt es im Nachgang Stress.

Bitte mal lesen:
http://www.trojaner-board.de/108422-...-anfragen.html

mal abgesehen davon dass bereinigen von Server/Client fast aussichtslos ist, wenn denn überhaupt Seuche da ist.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Bitcoin Miner c:\windows\logs\logonui.exe
bitcoin, datei, dauerhaft, entferne, extrem, fehlercode 0xc0000094, fehlercode 0xe0434352, fehlercode 22, fehlercode windows, folgendes, heute, leere, leeren, lösung, manuell, möglichkeit, nacht, sophos, taskmanager, this device is disabled. (code 22), umbenannt, umgehen, verwendet, windows



Ähnliche Themen: Bitcoin Miner c:\windows\logs\logonui.exe


  1. Passwörter ausgepäht; Ständige Captcha Abfragen bei Google Suche; Bitcoin-Miner
    Log-Analyse und Auswertung - 27.04.2015 (7)
  2. Windows 7 Pro -> LogonUI.exe - Systemfehler
    Log-Analyse und Auswertung - 30.09.2014 (13)
  3. ~ 3 BitCoin Miner, Avira + Malwarebytes finden nichts. Beim Start startet sich Browser "unsichtbar"
    Plagegeister aller Art und deren Bekämpfung - 18.09.2014 (13)
  4. Externe FP mit PUP.Optional.Miner
    Log-Analyse und Auswertung - 27.03.2014 (3)
  5. Synology-NAS-Geräte als Bitcoin-Miner missbraucht
    Nachrichten - 14.02.2014 (0)
  6. Windows 7: Bit Coin Miner "Befall"
    Log-Analyse und Auswertung - 01.01.2014 (9)
  7. Windows 7: TimeServer.exe und WindowsTime.exe anscheinend GPU-Bitcoin-Miner
    Log-Analyse und Auswertung - 10.11.2013 (11)
  8. Windows 7: Ständige Grafikkarten-Treiber Abstürze, Freezes & Bluescreen... Verdacht auf Bitcoin-Miner o.ä!
    Log-Analyse und Auswertung - 31.10.2013 (10)
  9. Bitcoin Miner in svhost.exe erscheint nach Neustart wieder
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (27)
  10. Miner.exe, TR/hijacker.Gen, etc?
    Log-Analyse und Auswertung - 13.06.2013 (12)
  11. Bitcoin: Diebstahl bei Bitcoin-Central und Ozcoin
    Nachrichten - 25.04.2013 (0)
  12. Coin Miner Virus
    Überwachung, Datenschutz und Spam - 15.10.2011 (1)
  13. newbie braucht hilfe (logonui.exe)
    Plagegeister aller Art und deren Bekämpfung - 09.07.2009 (4)
  14. Probleme mit Datei logonui.exe
    Log-Analyse und Auswertung - 17.08.2008 (4)
  15. Data Miner
    Log-Analyse und Auswertung - 01.02.2007 (1)
  16. Data Miner
    Antiviren-, Firewall- und andere Schutzprogramme - 04.04.2005 (12)
  17. Trojan Downloader JS Miner
    Plagegeister aller Art und deren Bekämpfung - 22.02.2005 (1)

Zum Thema Bitcoin Miner c:\windows\logs\logonui.exe - hallo ich habe folgendes problem. es sind 3x windows 2008 r2 server betroffen. system läuft extrem zäh. -> im Taskmanager LogonUI.exe verwendet alle systemresourcen.. diese logonui liegt unter c:\windows\logs\logonui.exe. laut - Bitcoin Miner c:\windows\logs\logonui.exe...
Archiv
Du betrachtest: Bitcoin Miner c:\windows\logs\logonui.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.