| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wie System Doctor 2014 auf WinXp entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.06.2013, 18:50
| #1 |
| |  Wie System Doctor 2014 auf WinXp entfernen Hallo liebes Forum! Mich hat nun auch dieser miese System Doctor 2014 erwischt. Aus den anderen Threads konnte ich lesen, dass man doch auf individuelle Hilfe angewiesen ist. Also was soll/kann ich tun? Bisher habe ich mir nur von Malewarebytes das AntiRootkit heruntergeladen und scanne damit gerade meinen Rechner... wie soll ich weiter vorgehen? Beste Grüße, Astalavista |
|
04.06.2013, 18:52
| #2 |
| /// Malware-holic   | Wie System Doctor 2014 auf WinXp entfernen Hi erst mal den Scan abbrechen und hiermit weiter.
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
04.06.2013, 19:16
| #3 |
| | Wie System Doctor 2014 auf WinXp entfernen Hat ne Weile gedauert, aber jetzt hab ich die Logfiles
__________________Also: OTL.txt Code:
ATTFilter OTL logfile created on: 04.06.2013 19:56:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,93% Memory free 4,85 Gb Paging File | 4,48 Gb Available in Paging File | 92,33% Paging File free Paging file location(s): C:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,26 Gb Total Space | 6,65 Gb Free Space | 17,84% Space Free | Partition Type: NTFS Computer Name: MHT11 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.04 19:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe PRC - [2013.05.07 14:58:45 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.30 14:33:34 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.30 14:32:17 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.30 14:32:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.26 08:43:46 | 000,703,888 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2013.03.26 08:43:32 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2013.02.04 19:48:45 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe PRC - [2012.12.03 09:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.03.15 16:41:18 | 000,348,160 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD) -- C:\Programme\TP-LINK\TWCU\TWCU.exe PRC - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2002.05.03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe ========== Modules (No Company Name) ========== MOD - [2013.03.26 08:44:20 | 000,063,376 | ---- | M] () -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2009.11.17 13:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2006.11.17 18:29:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe ========== Services (SafeList) ========== SRV - File not found [Unknown (-1) | Unknown] -- -- (mbamswissarmy) SRV - [2013.05.20 12:23:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.30 14:33:34 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.30 14:32:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.26 08:43:32 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2013.03.23 11:45:27 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll -- (Akamai) SRV - [2013.02.04 19:48:45 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA) SRV - [2010.04.09 19:06:36 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2002.05.03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.06.04 19:39:40 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon) DRV - [2013.03.30 14:33:55 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.30 14:33:55 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.30 14:33:55 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.26 08:24:16 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva) DRV - [2013.03.26 08:18:22 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux) DRV - [2013.03.26 08:18:22 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint) DRV - [2013.02.04 19:48:47 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2007.08.07 02:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.06.16 14:50:18 | 000,012,416 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GT680X.SYS -- (GT680x) DRV - [2006.01.16 12:45:30 | 000,360,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523) DRV - [2004.08.03 23:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4) DRV - [2004.08.03 23:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3) DRV - [2004.08.03 23:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4) DRV - [2004.08.03 23:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3) DRV - [2004.08.03 23:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1) DRV - [2004.08.03 23:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0) DRV - [2004.08.03 23:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004.08.03 23:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0) DRV - [2004.08.03 23:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1) DRV - [2004.08.03 23:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2) DRV - [2002.05.03 13:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG) DRV - [2002.04.04 06:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi) DRV - [1999.10.29 22:35:08 | 000,024,348 | ---- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (EAWDMFD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.11 12:49:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.01 19:00:25 | 000,000,000 | ---D | M] [2010.03.16 19:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012.01.08 11:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\awshiozn.default\extensions [2010.05.24 16:22:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\awshiozn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.11 12:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.11 14:23:48 | 000,000,978 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 134.109.132.3 vpngate.hrz.tu-chemnitz.de ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed. O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [TWCU] C:\Programme\TP-LINK\TWCU\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [fmdvvefl] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ahnatfuo.exe" File not found O4 - HKCU..\Run: [hxtujdgo] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe () O4 - HKCU..\Run: [SD2014] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa\Ri4aa.exe () O4 - HKCU..\Run: [wecolbpn] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\dheuxhup.exe" File not found O4 - HKLM..\RunOnce: [A0] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Programme/proeWildfire%202.0/i486_nt/obj/pvx_install.exe (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74EC16FF-C326-486E-BFAE-D40FAB257DBD}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {210C90F8-F6F3-D2A3-CD6E-D14C51BD875B} - Outlook Express ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3D74679B-D1BE-3FA4-49D6-4CF0310E3A4C} - Internet Explorer ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A9F0ACF4-5F41-6116-BC77-5E8F5BF1C1DE} - Windows Media Player ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CCE65A1E-4161-B4A1-369D-ED5C267D516B} - Browseranpassungen ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: CPQEASYACC - hkey= - key= - C:\Programme\COMPAQ\Easy Access Button Support\STARTEAK.exe (Compaq Computer Corporation) MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: nwiz - hkey= - key= - File not found MsConfig - StartUpReg: PROMon.exe - hkey= - key= - File not found MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) MsConfig - StartUpReg: Smapp - hkey= - key= - C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.04 19:54:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.06.04 19:41:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) [2013.06.04 19:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.06.04 19:39:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003 [2013.05.30 17:32:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\System Doctor 2014 [2013.05.30 17:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.04 19:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.06.04 19:39:40 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.06.04 19:38:48 | 013,169,742 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003.zip [2013.06.04 19:20:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.06.04 19:20:12 | 000,452,736 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.06.04 19:20:12 | 000,435,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.06.04 19:20:12 | 000,081,562 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.06.04 19:20:12 | 000,068,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.06.04 19:18:23 | 000,000,962 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014.lnk [2013.06.04 19:18:23 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url [2013.06.04 19:16:02 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2013.06.04 19:15:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.04 19:15:47 | 2146,947,072 | -HS- | M] () -- C:\hiberfil.sys [2013.06.04 19:07:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.30 14:39:00 | 000,045,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj [2013.05.30 14:36:58 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe [2013.05.30 09:28:04 | 000,000,092 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.out [2013.05.30 09:27:56 | 000,000,167 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.err [2013.05.20 13:51:24 | 000,362,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.20 13:45:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.11 14:23:48 | 000,000,978 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.04 19:39:40 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.06.04 19:39:17 | 013,169,742 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003.zip [2013.06.04 19:15:47 | 2146,947,072 | -HS- | C] () -- C:\hiberfil.sys [2013.05.30 17:32:35 | 000,000,962 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014.lnk [2013.05.30 17:32:35 | 000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url [2013.05.30 14:39:00 | 000,045,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj [2013.05.30 14:36:58 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe [2013.05.30 09:27:16 | 000,000,167 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.err [2013.05.30 09:26:57 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.out [2013.03.26 19:04:13 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2012.02.15 10:34:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010.05.10 10:50:31 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2010.03.02 14:35:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.04 19:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Autodesk [2010.03.17 09:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org [2013.03.19 20:42:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PTC [2013.05.30 17:32:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa [2010.04.09 19:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk [2010.05.02 11:56:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2013.04.06 14:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.03.17 09:23:09 | 000,000,000 | ---D | M] -- C:\51ebb0d8aeec720a19d9 [2011.11.14 10:51:24 | 000,000,000 | ---D | M] -- C:\a5e841df23b07e470d2b08d4f945 [2010.02.26 17:13:41 | 000,000,000 | ---D | M] -- C:\Compaq [2013.05.20 13:49:40 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2010.02.26 17:15:46 | 000,000,000 | ---D | M] -- C:\CPQAPPS [2011.01.10 12:42:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.02.27 01:09:00 | 000,000,000 | ---D | M] -- C:\i386 [2010.04.11 13:33:49 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013.03.26 18:57:59 | 000,000,000 | ---D | M] -- C:\NVIDIA [2013.04.06 14:22:44 | 000,000,000 | R--D | M] -- C:\Programme [2010.03.02 14:13:26 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2013.03.28 11:35:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.02.26 17:22:13 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2010.03.16 19:33:03 | 000,000,000 | ---D | M] -- C:\temp [2013.06.04 19:06:31 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2002.08.29 03:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2002.11.02 18:42:10 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2012.12.28 15:45:58 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2001.08.17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS < MD5 for: ATAPI.SYS > [2002.08.29 16:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\i386\sp1.cab:atapi.sys [2002.08.29 10:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 01:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2002.11.03 02:17:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2002.11.03 02:17:50 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2002.11.03 02:17:50 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.06.04 19:58:56 | 005,505,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat [2013.06.04 19:59:01 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG [2013.06.04 19:15:07 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini [2010.02.26 17:15:56 | 000,001,689 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\OCA_LOG.TXT < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.04.12 16:00:54 | 001,876,480 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.06.2013 19:56:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,93% Memory free
4,85 Gb Paging File | 4,48 Gb Available in Paging File | 92,33% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 6,65 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Computer Name: MHT11 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1087:TCP" = 1087:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc10_tmp.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc10_tmp.exe:*:Enabled:ptc10_tmp
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc31_tmp.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc31_tmp.exe:*:Enabled:ptc31_tmp
"C:\Programme\PTC\ProE2001\i486_nt\nms\nmsd.exe" = C:\Programme\PTC\ProE2001\i486_nt\nms\nmsd.exe:*:Enabled:nmsd
"C:\Programme\PTC\ProE2001\i486_nt\obj\xtop.exe" = C:\Programme\PTC\ProE2001\i486_nt\obj\xtop.exe:*:Enabled:xtop
"C:\Programme\PTC\ProE2001\i486_nt\obj\pro_comm_msg.exe" = C:\Programme\PTC\ProE2001\i486_nt\obj\pro_comm_msg.exe:*:Enabled:pro_comm_msg
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{27F8D5CE-421C-4324-8402-4D551A364F5F}" = BearPaw 2400CU Plus web V1.2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Wireless Client Utility Installation Program
"{350612EB-55FE-47DC-8E07-197B2409909B}" = Cisco AnyConnect Secure Mobility Client
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{93539D60-1817-11D1-9504-00805F26A89C}" = Easy Access Button Unterstützung
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"Autodesk Express Viewer" = Autodesk Express Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"CdaC13Ba" = SafeCast Shared Components
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"ie8" = Windows Internet Explorer 8
"InstallShield_{27F8D5CE-421C-4324-8402-4D551A364F5F}" = BearPaw 2400CU Plus web V1.2
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"Pro/ENGINEER Release Wildfire 2.0 Datecode M280" = Pro/ENGINEER Release Wildfire 2.0 Datecode M280
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"Software Setup" = Software Setup
"VLC media player" = VLC media player 0.9.4
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"System Doctor 2014" = System Doctor 2014
========== Last 20 Event Log Errors ==========
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 31.05.2013 10:14:10 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
404 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31588341
(0xFE1E000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 04.06.2013 13:15:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182
Invoked
Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description:
WINDOWS_ERROR_CODE
Error - 04.06.2013 13:15:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED
Error - 04.06.2013 13:16:05 | Computer Name = MHT11 | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142
Invoked
Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.
Error - 04.06.2013 13:16:07 | Computer Name = MHT11 | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 04.06.2013 13:16:08 | Computer Name = MHT11 | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1351 NULL object. Cannot establish a connection at this time.
Error - 04.06.2013 13:17:09 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
[ System Events ]
Error - 04.06.2013 13:07:13 | Computer Name = MHT11 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "Umgebung
für die AFD-Netzwerkunterstützung" abhängig, der aufgrund folgenden Fehlers nicht
gestartet wurde: %%31
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" ist vom Dienst
"TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avipbb avkmgr Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu ssmdrv
Tcpip
Error - 04.06.2013 13:15:05 | Computer Name = MHT11 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04.06.2013 13:17:28 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt
Error - 04.06.2013 13:17:28 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
< End of report >
Also: OTL.txt Code:
ATTFilter OTL logfile created on: 04.06.2013 19:56:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,93% Memory free 4,85 Gb Paging File | 4,48 Gb Available in Paging File | 92,33% Paging File free Paging file location(s): C:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,26 Gb Total Space | 6,65 Gb Free Space | 17,84% Space Free | Partition Type: NTFS Computer Name: MHT11 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.04 19:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe PRC - [2013.05.07 14:58:45 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.30 14:33:34 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.30 14:32:17 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.03.30 14:32:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.26 08:43:46 | 000,703,888 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2013.03.26 08:43:32 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2013.02.04 19:48:45 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe PRC - [2012.12.03 09:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.03.15 16:41:18 | 000,348,160 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD) -- C:\Programme\TP-LINK\TWCU\TWCU.exe PRC - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2002.05.03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe ========== Modules (No Company Name) ========== MOD - [2013.03.26 08:44:20 | 000,063,376 | ---- | M] () -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2009.11.17 13:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2006.11.17 18:29:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe ========== Services (SafeList) ========== SRV - File not found [Unknown (-1) | Unknown] -- -- (mbamswissarmy) SRV - [2013.05.20 12:23:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.30 14:33:34 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.30 14:32:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.26 08:43:32 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2013.03.23 11:45:27 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll -- (Akamai) SRV - [2013.02.04 19:48:45 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA) SRV - [2010.04.09 19:06:36 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2002.05.03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.06.04 19:39:40 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon) DRV - [2013.03.30 14:33:55 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.30 14:33:55 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.30 14:33:55 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.26 08:24:16 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva) DRV - [2013.03.26 08:18:22 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux) DRV - [2013.03.26 08:18:22 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint) DRV - [2013.02.04 19:48:47 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2007.08.07 02:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.06.16 14:50:18 | 000,012,416 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GT680X.SYS -- (GT680x) DRV - [2006.01.16 12:45:30 | 000,360,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523) DRV - [2004.08.03 23:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4) DRV - [2004.08.03 23:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3) DRV - [2004.08.03 23:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4) DRV - [2004.08.03 23:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3) DRV - [2004.08.03 23:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1) DRV - [2004.08.03 23:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0) DRV - [2004.08.03 23:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004.08.03 23:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0) DRV - [2004.08.03 23:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1) DRV - [2004.08.03 23:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2) DRV - [2002.05.03 13:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG) DRV - [2002.04.04 06:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi) DRV - [1999.10.29 22:35:08 | 000,024,348 | ---- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (EAWDMFD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.11 12:49:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.01 19:00:25 | 000,000,000 | ---D | M] [2010.03.16 19:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012.01.08 11:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\awshiozn.default\extensions [2010.05.24 16:22:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\awshiozn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.11 12:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.11 14:23:48 | 000,000,978 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 134.109.132.3 vpngate.hrz.tu-chemnitz.de ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed. O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [TWCU] C:\Programme\TP-LINK\TWCU\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [fmdvvefl] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ahnatfuo.exe" File not found O4 - HKCU..\Run: [hxtujdgo] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe () O4 - HKCU..\Run: [SD2014] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa\Ri4aa.exe () O4 - HKCU..\Run: [wecolbpn] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\dheuxhup.exe" File not found O4 - HKLM..\RunOnce: [A0] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Programme/proeWildfire%202.0/i486_nt/obj/pvx_install.exe (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74EC16FF-C326-486E-BFAE-D40FAB257DBD}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {210C90F8-F6F3-D2A3-CD6E-D14C51BD875B} - Outlook Express ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3D74679B-D1BE-3FA4-49D6-4CF0310E3A4C} - Internet Explorer ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A9F0ACF4-5F41-6116-BC77-5E8F5BF1C1DE} - Windows Media Player ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CCE65A1E-4161-B4A1-369D-ED5C267D516B} - Browseranpassungen ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: CPQEASYACC - hkey= - key= - C:\Programme\COMPAQ\Easy Access Button Support\STARTEAK.exe (Compaq Computer Corporation) MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found MsConfig - StartUpReg: nwiz - hkey= - key= - File not found MsConfig - StartUpReg: PROMon.exe - hkey= - key= - File not found MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) MsConfig - StartUpReg: Smapp - hkey= - key= - C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.04 19:54:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.06.04 19:41:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) [2013.06.04 19:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.06.04 19:39:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003 [2013.05.30 17:32:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\System Doctor 2014 [2013.05.30 17:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.04 19:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.06.04 19:39:40 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.06.04 19:38:48 | 013,169,742 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003.zip [2013.06.04 19:20:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.06.04 19:20:12 | 000,452,736 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.06.04 19:20:12 | 000,435,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.06.04 19:20:12 | 000,081,562 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.06.04 19:20:12 | 000,068,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.06.04 19:18:23 | 000,000,962 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014.lnk [2013.06.04 19:18:23 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url [2013.06.04 19:16:02 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2013.06.04 19:15:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.06.04 19:15:47 | 2146,947,072 | -HS- | M] () -- C:\hiberfil.sys [2013.06.04 19:07:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.30 14:39:00 | 000,045,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj [2013.05.30 14:36:58 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe [2013.05.30 09:28:04 | 000,000,092 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.out [2013.05.30 09:27:56 | 000,000,167 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.err [2013.05.20 13:51:24 | 000,362,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.20 13:45:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.11 14:23:48 | 000,000,978 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.04 19:39:40 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.06.04 19:39:17 | 013,169,742 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003.zip [2013.06.04 19:15:47 | 2146,947,072 | -HS- | C] () -- C:\hiberfil.sys [2013.05.30 17:32:35 | 000,000,962 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014.lnk [2013.05.30 17:32:35 | 000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url [2013.05.30 14:39:00 | 000,045,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj [2013.05.30 14:36:58 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe [2013.05.30 09:27:16 | 000,000,167 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.err [2013.05.30 09:26:57 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.out [2013.03.26 19:04:13 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2012.02.15 10:34:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010.05.10 10:50:31 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2010.03.02 14:35:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.04 19:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Autodesk [2010.03.17 09:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org [2013.03.19 20:42:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PTC [2013.05.30 17:32:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa [2010.04.09 19:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk [2010.05.02 11:56:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2013.04.06 14:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.03.17 09:23:09 | 000,000,000 | ---D | M] -- C:\51ebb0d8aeec720a19d9 [2011.11.14 10:51:24 | 000,000,000 | ---D | M] -- C:\a5e841df23b07e470d2b08d4f945 [2010.02.26 17:13:41 | 000,000,000 | ---D | M] -- C:\Compaq [2013.05.20 13:49:40 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2010.02.26 17:15:46 | 000,000,000 | ---D | M] -- C:\CPQAPPS [2011.01.10 12:42:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.02.27 01:09:00 | 000,000,000 | ---D | M] -- C:\i386 [2010.04.11 13:33:49 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013.03.26 18:57:59 | 000,000,000 | ---D | M] -- C:\NVIDIA [2013.04.06 14:22:44 | 000,000,000 | R--D | M] -- C:\Programme [2010.03.02 14:13:26 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2013.03.28 11:35:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.02.26 17:22:13 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2010.03.16 19:33:03 | 000,000,000 | ---D | M] -- C:\temp [2013.06.04 19:06:31 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2002.08.29 03:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2002.11.02 18:42:10 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2012.12.28 15:45:58 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2001.08.17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS < MD5 for: ATAPI.SYS > [2002.08.29 16:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\i386\sp1.cab:atapi.sys [2002.08.29 10:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 01:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2002.11.03 02:17:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2002.11.03 02:17:50 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2002.11.03 02:17:50 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.06.04 19:58:56 | 005,505,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat [2013.06.04 19:59:01 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG [2013.06.04 19:15:07 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini [2010.02.26 17:15:56 | 000,001,689 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\OCA_LOG.TXT < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.04.12 16:00:54 | 001,876,480 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.06.2013 19:56:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,93% Memory free
4,85 Gb Paging File | 4,48 Gb Available in Paging File | 92,33% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 6,65 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Computer Name: MHT11 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1087:TCP" = 1087:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc10_tmp.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc10_tmp.exe:*:Enabled:ptc10_tmp
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc31_tmp.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc31_tmp.exe:*:Enabled:ptc31_tmp
"C:\Programme\PTC\ProE2001\i486_nt\nms\nmsd.exe" = C:\Programme\PTC\ProE2001\i486_nt\nms\nmsd.exe:*:Enabled:nmsd
"C:\Programme\PTC\ProE2001\i486_nt\obj\xtop.exe" = C:\Programme\PTC\ProE2001\i486_nt\obj\xtop.exe:*:Enabled:xtop
"C:\Programme\PTC\ProE2001\i486_nt\obj\pro_comm_msg.exe" = C:\Programme\PTC\ProE2001\i486_nt\obj\pro_comm_msg.exe:*:Enabled:pro_comm_msg
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{27F8D5CE-421C-4324-8402-4D551A364F5F}" = BearPaw 2400CU Plus web V1.2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Wireless Client Utility Installation Program
"{350612EB-55FE-47DC-8E07-197B2409909B}" = Cisco AnyConnect Secure Mobility Client
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{93539D60-1817-11D1-9504-00805F26A89C}" = Easy Access Button Unterstützung
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"Autodesk Express Viewer" = Autodesk Express Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"CdaC13Ba" = SafeCast Shared Components
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"ie8" = Windows Internet Explorer 8
"InstallShield_{27F8D5CE-421C-4324-8402-4D551A364F5F}" = BearPaw 2400CU Plus web V1.2
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"Pro/ENGINEER Release Wildfire 2.0 Datecode M280" = Pro/ENGINEER Release Wildfire 2.0 Datecode M280
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"Software Setup" = Software Setup
"VLC media player" = VLC media player 0.9.4
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"System Doctor 2014" = System Doctor 2014
========== Last 20 Event Log Errors ==========
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 31.05.2013 10:14:10 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
404 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31588341
(0xFE1E000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 04.06.2013 13:15:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182
Invoked
Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description:
WINDOWS_ERROR_CODE
Error - 04.06.2013 13:15:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED
Error - 04.06.2013 13:16:05 | Computer Name = MHT11 | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142
Invoked
Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.
Error - 04.06.2013 13:16:07 | Computer Name = MHT11 | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 04.06.2013 13:16:08 | Computer Name = MHT11 | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1351 NULL object. Cannot establish a connection at this time.
Error - 04.06.2013 13:17:09 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
[ System Events ]
Error - 04.06.2013 13:07:13 | Computer Name = MHT11 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "Umgebung
für die AFD-Netzwerkunterstützung" abhängig, der aufgrund folgenden Fehlers nicht
gestartet wurde: %%31
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" ist vom Dienst
"TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avipbb avkmgr Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu ssmdrv
Tcpip
Error - 04.06.2013 13:15:05 | Computer Name = MHT11 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 04.06.2013 13:17:28 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt
Error - 04.06.2013 13:17:28 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
< End of report >
|
|
04.06.2013, 19:27
| #4 |
| /// Malware-holic | Wie System Doctor 2014 auf WinXp entfernen Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKCU..\Run: [SD2014] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa\Ri4aa.exe ()
O4 - HKCU..\Run: [wecolbpn] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\dheuxhup.exe" File not found
[2013.05.30 17:32:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\System Doctor 2014
[2013.05.30 17:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa
[2013.06.04 19:18:23 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url
[2013.05.30 14:39:00 | 000,045,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj
:files
:Commands
[emptytemp]
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.06.2013, 19:28
| #5 |
| | Wie System Doctor 2014 auf WinXp entfernen Sorry für den Doppelpost :/ |
|
04.06.2013, 19:29
| #6 |
| /// Malware-holic | Wie System Doctor 2014 auf WinXp entfernen kein Problem, siehe meinen letzten Post
__________________ --> Wie System Doctor 2014 auf WinXp entfernen |
|
04.06.2013, 19:34
| #7 |
| | Wie System Doctor 2014 auf WinXp entfernen So... hier der Inhalt der xxxxxxxx.txt Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SD2014 deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa\Ri4aa.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wecolbpn deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\System Doctor 2014 folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 1907098835 bytes
->Temporary Internet Files folder emptied: 14681556 bytes
->FireFox cache emptied: 245135952 bytes
->Flash cache emptied: 6292 bytes
User: All Users
User: d6b91b40cd21778a2604dd912a823c
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36373376 bytes
RecycleBin emptied: 1738508 bytes
Total Files Cleaned = 2.103,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06042013_202900
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2c0.dat not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
05.06.2013, 00:30
| #8 |
| /// Malware-holic | Wie System Doctor 2014 auf WinXp entfernen Upload fehlt.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.06.2013, 08:55
| #9 |
| | Wie System Doctor 2014 auf WinXp entfernen Hallo, Sorry, das mit dem Upload hatte ich gestern übersehen. Der Zip-Ordner ist nun hochgeladen... auch wenn ich gerade nicht weiß, wohin :/ |
|
05.06.2013, 11:17
| #10 |
| /// Malware-holic | Wie System Doctor 2014 auf WinXp entfernen ok. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.06.2013, 18:50
| #11 |
| | Wie System Doctor 2014 auf WinXp entfernen Hallo MarkusG, Ich komme heute leider nicht mehr dazu, das gewünschte Programm zu installieren. (Der Rechner gehört meinen Eltern und ich komme erst am Freitag wieder hin) Würde mich freuen, wenn du mich weiterhin unterstützt. Aber trotzdem erstmal: TAUSEND DANK |
|
05.06.2013, 18:53
| #12 |
| /// Malware-holic | Wie System Doctor 2014 auf WinXp entfernen ist ok, morgen bin ich nur sporadisch online, und dann erst wieder sonnabend
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.06.2013, 16:32
| #13 |
| | Wie System Doctor 2014 auf WinXp entfernen Hallo, ich habe jetzt TDSSKiller durchlaufen lassen und es kam auch ein Treffen. Habe diesen mit Skip übersprungen... Hier der Inhalt des Log-files: Code:
ATTFilter 17:28:54.0937 3952 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:28:55.0156 3952 ============================================================
17:28:55.0156 3952 Current date / time: 2013/06/07 17:28:55.0156
17:28:55.0156 3952 SystemInfo:
17:28:55.0156 3952
17:28:55.0156 3952 OS Version: 5.1.2600 ServicePack: 3.0
17:28:55.0156 3952 Product type: Workstation
17:28:55.0156 3952 ComputerName: MHT11
17:28:55.0156 3952 UserName: Administrator
17:28:55.0156 3952 Windows directory: C:\WINDOWS
17:28:55.0156 3952 System windows directory: C:\WINDOWS
17:28:55.0156 3952 Processor architecture: Intel x86
17:28:55.0156 3952 Number of processors: 1
17:28:55.0156 3952 Page size: 0x1000
17:28:55.0156 3952 Boot type: Normal boot
17:28:55.0156 3952 ============================================================
17:28:57.0078 3952 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
17:28:57.0093 3952 ============================================================
17:28:57.0093 3952 \Device\Harddisk0\DR0:
17:28:57.0093 3952 MBR partitions:
17:28:57.0093 3952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
17:28:57.0093 3952 ============================================================
17:28:57.0109 3952 C: <-> \Device\Harddisk0\DR0\Partition1
17:28:57.0125 3952 ============================================================
17:28:57.0125 3952 Initialize success
17:28:57.0125 3952 ============================================================
17:29:04.0859 3556 ============================================================
17:29:04.0859 3556 Scan started
17:29:04.0859 3556 Mode: Manual;
17:29:04.0859 3556 ============================================================
17:29:05.0218 3556 ================ Scan system memory ========================
17:29:05.0218 3556 System memory - ok
17:29:05.0234 3556 ================ Scan services =============================
17:29:05.0390 3556 Abiosdsk - ok
17:29:05.0406 3556 abp480n5 - ok
17:29:05.0468 3556 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
17:29:05.0484 3556 ac97intc - ok
17:29:05.0531 3556 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
17:29:05.0531 3556 ACPI - ok
17:29:05.0562 3556 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:29:05.0562 3556 ACPIEC - ok
17:29:05.0609 3556 [ A9F02264C4A52CC667E7B8799514C877 ] ACS C:\WINDOWS\system32\acs.exe
17:29:05.0625 3556 ACS - ok
17:29:05.0671 3556 [ D2523D28674B03976AFC1AB6EF712F27 ] acsint C:\WINDOWS\system32\DRIVERS\acsint.sys
17:29:05.0671 3556 acsint - ok
17:29:05.0703 3556 [ 9A7D29DAE24A01DCD33D8F563559B3AB ] acsmux C:\WINDOWS\system32\DRIVERS\acsmux.sys
17:29:05.0718 3556 acsmux - ok
17:29:05.0828 3556 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:29:05.0859 3556 AdobeFlashPlayerUpdateSvc - ok
17:29:05.0906 3556 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\System32\DRIVERS\adpu160m.sys
17:29:05.0921 3556 adpu160m - ok
17:29:05.0953 3556 [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320 C:\WINDOWS\System32\DRIVERS\adpu320.sys
17:29:05.0968 3556 adpu320 - ok
17:29:06.0000 3556 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:29:06.0031 3556 aec - ok
17:29:06.0062 3556 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:29:06.0078 3556 AegisP - ok
17:29:06.0125 3556 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:29:06.0156 3556 AFD - ok
17:29:06.0203 3556 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
17:29:06.0218 3556 agp440 - ok
17:29:06.0234 3556 Aha154x - ok
17:29:06.0281 3556 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\System32\DRIVERS\aic78u2.sys
17:29:06.0281 3556 aic78u2 - ok
17:29:06.0312 3556 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\System32\DRIVERS\aic78xx.sys
17:29:06.0328 3556 aic78xx - ok
17:29:06.0593 3556 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll
17:29:06.0593 3556 Suspicious file (Hidden): c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
17:29:06.0640 3556 Akamai ( HiddenFile.Multi.Generic ) - warning
17:29:06.0640 3556 Akamai - detected HiddenFile.Multi.Generic (1)
17:29:06.0671 3556 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:29:06.0687 3556 Alerter - ok
17:29:06.0718 3556 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
17:29:06.0718 3556 ALG - ok
17:29:06.0734 3556 AliIde - ok
17:29:06.0750 3556 amsint - ok
17:29:06.0843 3556 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
17:29:06.0875 3556 AntiVirSchedulerService - ok
17:29:06.0921 3556 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:29:06.0937 3556 AntiVirService - ok
17:29:06.0984 3556 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:29:07.0000 3556 AppMgmt - ok
17:29:07.0046 3556 [ 5AF581BB431FB7A952216AD01795EF4E ] AR5523 C:\WINDOWS\system32\DRIVERS\ar5523.sys
17:29:07.0046 3556 AR5523 - ok
17:29:07.0062 3556 asc - ok
17:29:07.0078 3556 asc3350p - ok
17:29:07.0093 3556 asc3550 - ok
17:29:07.0187 3556 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:29:07.0250 3556 aspnet_state - ok
17:29:07.0296 3556 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:29:07.0312 3556 AsyncMac - ok
17:29:07.0328 3556 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
17:29:07.0343 3556 atapi - ok
17:29:07.0359 3556 Atdisk - ok
17:29:07.0406 3556 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:29:07.0421 3556 Atmarpc - ok
17:29:07.0453 3556 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:29:07.0468 3556 AudioSrv - ok
17:29:07.0515 3556 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:29:07.0515 3556 audstub - ok
17:29:07.0593 3556 [ EA2D28BBE98256654397CD1F6EAEBDD8 ] Autodesk Licensing Service C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
17:29:07.0609 3556 Autodesk Licensing Service - ok
17:29:07.0656 3556 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:29:07.0671 3556 avgntflt - ok
17:29:07.0718 3556 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:29:07.0734 3556 avipbb - ok
17:29:07.0765 3556 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:29:07.0765 3556 avkmgr - ok
17:29:07.0812 3556 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:29:07.0812 3556 Beep - ok
17:29:07.0875 3556 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
17:29:07.0906 3556 BITS - ok
17:29:07.0953 3556 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
17:29:07.0968 3556 Browser - ok
17:29:08.0015 3556 [ 9BDBDA21D3BA8E374FD06A405BE10215 ] C-DillaCdaC11BA C:\WINDOWS\system32\drivers\CDAC11BA.EXE
17:29:08.0031 3556 C-DillaCdaC11BA - ok
17:29:08.0062 3556 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:29:08.0062 3556 cbidf2k - ok
17:29:08.0093 3556 cd20xrnt - ok
17:29:08.0140 3556 [ F76CB7259AA575CC53F3996BC6B68C18 ] CdaC15BA C:\WINDOWS\system32\drivers\CDAC15BA.SYS
17:29:08.0140 3556 CdaC15BA - ok
17:29:08.0203 3556 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:29:08.0218 3556 Cdaudio - ok
17:29:08.0250 3556 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:29:08.0265 3556 Cdfs - ok
17:29:08.0296 3556 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:29:08.0312 3556 Cdrom - ok
17:29:08.0328 3556 Changer - ok
17:29:08.0375 3556 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:29:08.0390 3556 CiSvc - ok
17:29:08.0421 3556 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:29:08.0453 3556 ClipSrv - ok
17:29:08.0515 3556 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:29:08.0750 3556 clr_optimization_v2.0.50727_32 - ok
17:29:08.0765 3556 CmdIde - ok
17:29:08.0812 3556 COMSysApp - ok
17:29:08.0843 3556 Cpqarray - ok
17:29:08.0890 3556 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:29:08.0906 3556 CryptSvc - ok
17:29:08.0937 3556 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
17:29:08.0953 3556 CVirtA - ok
17:29:09.0046 3556 [ D4A26B0926171DC4F969955D157D1311 ] CVPND C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
17:29:09.0125 3556 CVPND - ok
17:29:09.0187 3556 [ C23025AC5AE45A105D63BD6E2408EDD4 ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
17:29:09.0218 3556 CVPNDRVA - ok
17:29:09.0234 3556 dac2w2k - ok
17:29:09.0250 3556 dac960nt - ok
17:29:09.0296 3556 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:29:09.0312 3556 DcomLaunch - ok
17:29:09.0343 3556 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:29:09.0359 3556 Dhcp - ok
17:29:09.0406 3556 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:29:09.0406 3556 Disk - ok
17:29:09.0421 3556 dmadmin - ok
17:29:09.0484 3556 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:29:09.0546 3556 dmboot - ok
17:29:09.0578 3556 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:29:09.0593 3556 dmio - ok
17:29:09.0656 3556 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:29:09.0671 3556 dmload - ok
17:29:09.0703 3556 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:29:09.0718 3556 dmserver - ok
17:29:09.0765 3556 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:29:09.0781 3556 DMusic - ok
17:29:09.0828 3556 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
17:29:09.0828 3556 DNE - ok
17:29:09.0890 3556 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:29:09.0906 3556 Dnscache - ok
17:29:09.0953 3556 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:29:09.0968 3556 Dot3svc - ok
17:29:10.0000 3556 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\System32\DRIVERS\dpti2o.sys
17:29:10.0031 3556 dpti2o - ok
17:29:10.0046 3556 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:29:10.0062 3556 drmkaud - ok
17:29:10.0140 3556 [ FE9CB643A034285031502D3369E5A869 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:29:10.0140 3556 E100B - ok
17:29:10.0203 3556 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:29:10.0234 3556 EapHost - ok
17:29:10.0343 3556 [ 53CE0799C9384CAC99942FF032285F21 ] eaps2kbd C:\WINDOWS\system32\DRIVERS\eaps2kbd.sys
17:29:10.0359 3556 eaps2kbd - ok
17:29:10.0390 3556 [ E54E3A335B3A03AD0252E50BB92A633C ] EAWDMFD C:\WINDOWS\system32\drivers\EAWDMFD.sys
17:29:10.0406 3556 EAWDMFD - ok
17:29:10.0468 3556 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:29:10.0484 3556 ERSvc - ok
17:29:10.0531 3556 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
17:29:10.0546 3556 Eventlog - ok
17:29:10.0640 3556 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll
17:29:10.0671 3556 EventSystem - ok
17:29:10.0718 3556 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:29:10.0734 3556 Fastfat - ok
17:29:10.0781 3556 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:29:10.0796 3556 FastUserSwitchingCompatibility - ok
17:29:10.0828 3556 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:29:10.0843 3556 Fdc - ok
17:29:10.0859 3556 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:29:10.0875 3556 Fips - ok
17:29:10.0906 3556 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:29:10.0921 3556 Flpydisk - ok
17:29:10.0968 3556 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:29:10.0984 3556 FltMgr - ok
17:29:11.0062 3556 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:29:11.0078 3556 FontCache3.0.0.0 - ok
17:29:11.0125 3556 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:29:11.0125 3556 Fs_Rec - ok
17:29:11.0156 3556 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:29:11.0171 3556 Ftdisk - ok
17:29:11.0218 3556 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:29:11.0234 3556 Gpc - ok
17:29:11.0281 3556 [ 236199389AFDE897F24C7E51AC89C010 ] GT680x C:\WINDOWS\system32\Drivers\gt680x.sys
17:29:11.0281 3556 GT680x - ok
17:29:11.0390 3556 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:29:11.0406 3556 helpsvc - ok
17:29:11.0437 3556 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
17:29:11.0453 3556 HidServ - ok
17:29:11.0500 3556 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:29:11.0500 3556 HidUsb - ok
17:29:11.0546 3556 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:29:11.0562 3556 hkmsvc - ok
17:29:11.0578 3556 hpn - ok
17:29:11.0625 3556 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:29:11.0640 3556 HTTP - ok
17:29:11.0687 3556 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:29:11.0703 3556 HTTPFilter - ok
17:29:11.0718 3556 i2omgmt - ok
17:29:11.0734 3556 i2omp - ok
17:29:11.0765 3556 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:29:11.0765 3556 i8042prt - ok
17:29:11.0812 3556 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
17:29:11.0828 3556 i81x - ok
17:29:11.0859 3556 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
17:29:11.0875 3556 iAimFP0 - ok
17:29:11.0906 3556 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
17:29:11.0906 3556 iAimFP1 - ok
17:29:11.0921 3556 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
17:29:11.0937 3556 iAimFP2 - ok
17:29:11.0968 3556 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
17:29:11.0984 3556 iAimFP3 - ok
17:29:12.0000 3556 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
17:29:12.0000 3556 iAimFP4 - ok
17:29:12.0046 3556 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
17:29:12.0062 3556 iAimTV0 - ok
17:29:12.0078 3556 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
17:29:12.0109 3556 iAimTV1 - ok
17:29:12.0125 3556 iAimTV2 - ok
17:29:12.0171 3556 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
17:29:12.0171 3556 iAimTV3 - ok
17:29:12.0218 3556 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
17:29:12.0218 3556 iAimTV4 - ok
17:29:12.0296 3556 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:29:12.0406 3556 idsvc - ok
17:29:12.0453 3556 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:29:12.0468 3556 Imapi - ok
17:29:12.0515 3556 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\System32\imapi.exe
17:29:12.0515 3556 ImapiService - ok
17:29:12.0546 3556 ini910u - ok
17:29:12.0578 3556 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\drivers\intelide.sys
17:29:12.0578 3556 IntelIde - ok
17:29:12.0625 3556 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:29:12.0625 3556 intelppm - ok
17:29:12.0671 3556 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:29:12.0671 3556 ip6fw - ok
17:29:12.0718 3556 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:29:12.0734 3556 IpFilterDriver - ok
17:29:12.0765 3556 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:29:12.0765 3556 IpInIp - ok
17:29:12.0781 3556 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:29:12.0796 3556 IpNat - ok
17:29:12.0828 3556 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:29:12.0843 3556 IPSec - ok
17:29:12.0875 3556 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:29:12.0890 3556 IRENUM - ok
17:29:12.0937 3556 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
17:29:12.0937 3556 isapnp - ok
17:29:12.0968 3556 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:29:12.0968 3556 Kbdclass - ok
17:29:13.0031 3556 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:29:13.0031 3556 kbdhid - ok
17:29:13.0062 3556 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:29:13.0093 3556 kmixer - ok
17:29:13.0125 3556 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:29:13.0156 3556 KSecDD - ok
17:29:13.0203 3556 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:29:13.0218 3556 lanmanserver - ok
17:29:13.0265 3556 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:29:13.0281 3556 lanmanworkstation - ok
17:29:13.0312 3556 lbrtfdc - ok
17:29:13.0359 3556 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:29:13.0375 3556 LmHosts - ok
17:29:13.0437 3556 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
17:29:13.0453 3556 MDM - ok
17:29:13.0484 3556 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:29:13.0500 3556 Messenger - ok
17:29:13.0531 3556 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:29:13.0546 3556 mnmdd - ok
17:29:13.0578 3556 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
17:29:13.0593 3556 mnmsrvc - ok
17:29:13.0625 3556 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:29:13.0640 3556 Modem - ok
17:29:13.0671 3556 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:29:13.0671 3556 Mouclass - ok
17:29:13.0718 3556 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:29:13.0734 3556 mouhid - ok
17:29:13.0765 3556 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:29:13.0765 3556 MountMgr - ok
17:29:13.0781 3556 mraid35x - ok
17:29:13.0812 3556 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:29:13.0843 3556 MRxDAV - ok
17:29:13.0906 3556 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:29:13.0937 3556 MRxSmb - ok
17:29:13.0984 3556 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:29:14.0000 3556 MSDTC - ok
17:29:14.0031 3556 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:29:14.0031 3556 Msfs - ok
17:29:14.0046 3556 MSIServer - ok
17:29:14.0093 3556 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:29:14.0109 3556 MSKSSRV - ok
17:29:14.0140 3556 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:29:14.0140 3556 MSPCLOCK - ok
17:29:14.0171 3556 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:29:14.0171 3556 MSPQM - ok
17:29:14.0203 3556 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:29:14.0203 3556 mssmbios - ok
17:29:14.0250 3556 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:29:14.0265 3556 Mup - ok
17:29:14.0328 3556 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
17:29:14.0359 3556 napagent - ok
17:29:14.0406 3556 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:29:14.0437 3556 NDIS - ok
17:29:14.0468 3556 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:29:14.0484 3556 NdisTapi - ok
17:29:14.0500 3556 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:29:14.0515 3556 Ndisuio - ok
17:29:14.0546 3556 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:29:14.0546 3556 NdisWan - ok
17:29:14.0578 3556 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:29:14.0593 3556 NDProxy - ok
17:29:14.0625 3556 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:29:14.0640 3556 NetBIOS - ok
17:29:14.0687 3556 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:29:14.0703 3556 NetBT - ok
17:29:14.0750 3556 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
17:29:14.0781 3556 NetDDE - ok
17:29:14.0796 3556 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:29:14.0796 3556 NetDDEdsdm - ok
17:29:14.0843 3556 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\System32\lsass.exe
17:29:14.0843 3556 Netlogon - ok
17:29:14.0875 3556 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
17:29:14.0906 3556 Netman - ok
17:29:14.0937 3556 [ 562E15CE8A98282F241E03829657E344 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:29:14.0968 3556 NetTcpPortSharing - ok
17:29:15.0000 3556 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
17:29:15.0000 3556 Nla - ok
17:29:15.0046 3556 [ 419F4D80FE7E34E2626C84B3C6035955 ] NMSCFG C:\WINDOWS\system32\drivers\NMSCFG.SYS
17:29:15.0062 3556 NMSCFG - ok
17:29:15.0109 3556 [ EEEA4A259891D43FEC7C25E45973740D ] NMSSvc C:\WINDOWS\System32\NMSSvc.exe
17:29:15.0171 3556 NMSSvc - ok
17:29:15.0218 3556 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:29:15.0218 3556 Npfs - ok
17:29:15.0281 3556 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:29:15.0609 3556 Ntfs - ok
17:29:15.0640 3556 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:29:15.0656 3556 NtLmSsp - ok
17:29:16.0125 3556 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:29:16.0234 3556 NtmsSvc - ok
17:29:16.0296 3556 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:29:16.0343 3556 Null - ok
17:29:16.0562 3556 [ C82F94077E2497E6685DA208E2F75B43 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:29:17.0937 3556 nv - ok
17:29:18.0015 3556 [ 948C21C77FAD271CC6F851FC46029DD4 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
17:29:18.0046 3556 NVSvc - ok
17:29:18.0078 3556 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:29:18.0140 3556 NwlnkFlt - ok
17:29:18.0171 3556 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:29:18.0234 3556 NwlnkFwd - ok
17:29:18.0312 3556 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:29:18.0390 3556 ose - ok
17:29:18.0437 3556 [ A7AF0C0860F1C43FC6581BA8A99EABEF ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
17:29:18.0531 3556 P3 - ok
17:29:18.0578 3556 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:29:18.0578 3556 Parport - ok
17:29:18.0625 3556 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:29:18.0640 3556 PartMgr - ok
17:29:18.0687 3556 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:29:18.0734 3556 ParVdm - ok
17:29:18.0765 3556 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\drivers\pci.sys
17:29:18.0781 3556 PCI - ok
17:29:18.0796 3556 PCIDump - ok
17:29:18.0828 3556 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\System32\DRIVERS\pciide.sys
17:29:18.0843 3556 PCIIde - ok
17:29:18.0890 3556 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:29:18.0906 3556 Pcmcia - ok
17:29:18.0921 3556 PDCOMP - ok
17:29:18.0953 3556 PDFRAME - ok
17:29:18.0968 3556 PDRELI - ok
17:29:18.0984 3556 PDRFRAME - ok
17:29:19.0015 3556 perc2 - ok
17:29:19.0062 3556 perc2hib - ok
17:29:19.0140 3556 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
17:29:19.0171 3556 PlugPlay - ok
17:29:19.0187 3556 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
17:29:19.0187 3556 PolicyAgent - ok
17:29:19.0250 3556 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:29:19.0312 3556 PptpMiniport - ok
17:29:19.0328 3556 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\drivers\processr.sys
17:29:19.0390 3556 Processor - ok
17:29:19.0406 3556 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:29:19.0406 3556 ProtectedStorage - ok
17:29:19.0437 3556 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:29:19.0453 3556 PSched - ok
17:29:19.0562 3556 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:29:19.0562 3556 Ptilink - ok
17:29:19.0578 3556 ql1080 - ok
17:29:19.0593 3556 Ql10wnt - ok
17:29:19.0609 3556 ql12160 - ok
17:29:19.0671 3556 ql1240 - ok
17:29:19.0687 3556 ql1280 - ok
17:29:19.0718 3556 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:29:19.0765 3556 RasAcd - ok
17:29:19.0812 3556 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:29:19.0859 3556 RasAuto - ok
17:29:19.0875 3556 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:29:19.0890 3556 Rasl2tp - ok
17:29:19.0937 3556 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:29:19.0953 3556 RasMan - ok
17:29:19.0984 3556 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:29:19.0984 3556 RasPppoe - ok
17:29:20.0062 3556 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:29:20.0078 3556 Raspti - ok
17:29:20.0187 3556 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:29:20.0281 3556 Rdbss - ok
17:29:20.0312 3556 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:29:20.0343 3556 RDPCDD - ok
17:29:20.0406 3556 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:29:20.0546 3556 rdpdr - ok
17:29:20.0656 3556 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:29:20.0796 3556 RDPWD - ok
17:29:20.0906 3556 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:29:21.0062 3556 RDSessMgr - ok
17:29:21.0109 3556 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:29:21.0156 3556 redbook - ok
17:29:21.0250 3556 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:29:21.0281 3556 RemoteAccess - ok
17:29:21.0359 3556 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:29:21.0390 3556 RemoteRegistry - ok
17:29:21.0421 3556 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe
17:29:21.0453 3556 RpcLocator - ok
17:29:21.0625 3556 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:29:21.0625 3556 RpcSs - ok
17:29:21.0781 3556 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe
17:29:22.0015 3556 RSVP - ok
17:29:22.0046 3556 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
17:29:22.0046 3556 SamSs - ok
17:29:22.0093 3556 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:29:22.0171 3556 SCardSvr - ok
17:29:22.0250 3556 [ 612A3D69E603DBBE5C3C1079186A0393 ] SCDEmu C:\WINDOWS\system32\drivers\SCDEmu.sys
17:29:22.0250 3556 SCDEmu - ok
17:29:22.0359 3556 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:29:22.0500 3556 Schedule - ok
17:29:22.0609 3556 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:29:22.0718 3556 Secdrv - ok
17:29:22.0875 3556 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
17:29:22.0921 3556 seclogon - ok
17:29:23.0015 3556 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
17:29:23.0015 3556 SENS - ok
17:29:23.0093 3556 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:29:23.0125 3556 serenum - ok
17:29:23.0171 3556 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:29:23.0234 3556 Serial - ok
17:29:23.0328 3556 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:29:23.0375 3556 Sfloppy - ok
17:29:23.0500 3556 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:29:23.0640 3556 SharedAccess - ok
17:29:23.0828 3556 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:29:23.0828 3556 ShellHWDetection - ok
17:29:23.0843 3556 Simbad - ok
17:29:24.0093 3556 [ 4931615EF9543728E0204973BE27B350 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
17:29:24.0140 3556 smwdm - ok
17:29:24.0250 3556 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
17:29:24.0328 3556 SONYPVU1 - ok
17:29:24.0343 3556 Sparrow - ok
17:29:24.0406 3556 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:29:24.0437 3556 splitter - ok
17:29:24.0562 3556 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:29:24.0578 3556 Spooler - ok
17:29:24.0625 3556 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:29:24.0718 3556 sr - ok
17:29:24.0937 3556 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll
17:29:25.0062 3556 srservice - ok
17:29:25.0203 3556 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:29:25.0453 3556 Srv - ok
17:29:25.0578 3556 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:29:25.0593 3556 SSDPSRV - ok
17:29:25.0828 3556 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:29:25.0843 3556 ssmdrv - ok
17:29:25.0984 3556 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:29:26.0281 3556 stisvc - ok
17:29:26.0343 3556 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:29:26.0375 3556 swenum - ok
17:29:26.0406 3556 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:29:26.0484 3556 swmidi - ok
17:29:26.0500 3556 SwPrv - ok
17:29:26.0593 3556 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\System32\DRIVERS\symc810.sys
17:29:26.0656 3556 symc810 - ok
17:29:26.0750 3556 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\System32\DRIVERS\symc8xx.sys
17:29:26.0812 3556 symc8xx - ok
17:29:26.0859 3556 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\System32\DRIVERS\symmpi.sys
17:29:26.0921 3556 Symmpi - ok
17:29:26.0984 3556 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\System32\DRIVERS\sym_hi.sys
17:29:27.0078 3556 sym_hi - ok
17:29:27.0125 3556 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\System32\DRIVERS\sym_u3.sys
17:29:27.0187 3556 sym_u3 - ok
17:29:27.0218 3556 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:29:27.0265 3556 sysaudio - ok
17:29:27.0343 3556 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:29:27.0437 3556 SysmonLog - ok
17:29:27.0546 3556 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:29:27.0578 3556 TapiSrv - ok
17:29:27.0750 3556 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:29:28.0359 3556 Tcpip - ok
17:29:28.0421 3556 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:29:28.0437 3556 TDPIPE - ok
17:29:30.0281 3556 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:29:30.0328 3556 TDTCP - ok
17:29:30.0390 3556 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:29:30.0437 3556 TermDD - ok
17:29:30.0515 3556 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
17:29:30.0906 3556 TermService - ok
17:29:30.0968 3556 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:29:30.0968 3556 Themes - ok
17:29:31.0015 3556 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
17:29:31.0062 3556 TlntSvr - ok
17:29:31.0078 3556 TosIde - ok
17:29:31.0140 3556 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:29:31.0234 3556 TrkWks - ok
17:29:31.0281 3556 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:29:31.0296 3556 Udfs - ok
17:29:31.0296 3556 ultra - ok
17:29:31.0390 3556 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:29:31.0500 3556 Update - ok
17:29:31.0546 3556 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:29:31.0609 3556 upnphost - ok
17:29:31.0640 3556 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
17:29:31.0656 3556 UPS - ok
17:29:31.0703 3556 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:29:31.0718 3556 usbccgp - ok
17:29:31.0781 3556 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:29:31.0796 3556 usbehci - ok
17:29:31.0828 3556 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:29:31.0843 3556 usbhub - ok
17:29:31.0859 3556 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:29:31.0875 3556 usbohci - ok
17:29:31.0937 3556 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:29:31.0937 3556 usbprint - ok
17:29:32.0000 3556 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:29:32.0015 3556 usbscan - ok
17:29:32.0046 3556 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:29:32.0062 3556 USBSTOR - ok
17:29:32.0093 3556 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:29:32.0109 3556 usbuhci - ok
17:29:32.0125 3556 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:29:32.0140 3556 VgaSave - ok
17:29:32.0171 3556 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
17:29:32.0187 3556 ViaIde - ok
17:29:32.0203 3556 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:29:32.0218 3556 VolSnap - ok
17:29:32.0328 3556 [ 4D8FC912E146DE0115392381C7114588 ] vpnagent C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
17:29:32.0359 3556 vpnagent - ok
17:29:32.0390 3556 [ EA39F36302DACBCDCDB113313718E768 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
17:29:32.0406 3556 vpnva - ok
17:29:32.0484 3556 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
17:29:32.0515 3556 VSS - ok
17:29:32.0562 3556 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll
17:29:32.0578 3556 W32Time - ok
17:29:32.0609 3556 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:29:32.0625 3556 Wanarp - ok
17:29:32.0640 3556 WDICA - ok
17:29:32.0687 3556 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:29:32.0703 3556 wdmaud - ok
17:29:32.0750 3556 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:29:32.0765 3556 WebClient - ok
17:29:32.0859 3556 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:29:32.0875 3556 winmgmt - ok
17:29:32.0937 3556 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
17:29:32.0953 3556 WmdmPmSN - ok
17:29:33.0000 3556 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:29:33.0015 3556 Wmi - ok
17:29:33.0078 3556 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:29:33.0093 3556 WmiApSrv - ok
17:29:33.0125 3556 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:29:33.0140 3556 wscsvc - ok
17:29:33.0171 3556 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:29:33.0171 3556 wuauserv - ok
17:29:33.0250 3556 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:29:33.0312 3556 WZCSVC - ok
17:29:33.0359 3556 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:29:33.0375 3556 xmlprov - ok
17:29:33.0421 3556 ================ Scan global ===============================
17:29:33.0484 3556 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:29:33.0546 3556 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
17:29:33.0593 3556 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
17:29:33.0609 3556 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:29:33.0625 3556 [Global] - ok
17:29:33.0625 3556 ================ Scan MBR ==================================
17:29:33.0656 3556 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:29:33.0812 3556 \Device\Harddisk0\DR0 - ok
17:29:33.0828 3556 ================ Scan VBR ==================================
17:29:33.0828 3556 [ B89140E403890EBD880A4B948F442633 ] \Device\Harddisk0\DR0\Partition1
17:29:33.0828 3556 \Device\Harddisk0\DR0\Partition1 - ok
17:29:33.0843 3556 ============================================================
17:29:33.0843 3556 Scan finished
17:29:33.0843 3556 ============================================================
17:29:33.0859 0392 Detected object count: 1
17:29:33.0859 0392 Actual detected object count: 1
17:30:10.0031 0392 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:30:10.0031 0392 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
Astalavista |
|
08.06.2013, 17:03
| #14 |
| /// Malware-holic | Wie System Doctor 2014 auf WinXp entfernen bitte tdss killer konfigurieren wie in der anleitung, erneut ausführen, Log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.06.2013, 10:41
| #15 |
| | Wie System Doctor 2014 auf WinXp entfernen Euweh... wer lesen kann ist klar im Vorteil. Sorry für mein übereiltes Posting. Hab des Scan nochmal mit modifizierten Einstellungen laufen lassen. Da kamen doch ne ganze Menge Meldungen. Hier das LOG-File: Code:
ATTFilter 11:38:06.0765 3916 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:38:07.0156 3916 ============================================================
11:38:07.0156 3916 Current date / time: 2013/06/09 11:38:07.0156
11:38:07.0156 3916 SystemInfo:
11:38:07.0156 3916
11:38:07.0156 3916 OS Version: 5.1.2600 ServicePack: 3.0
11:38:07.0156 3916 Product type: Workstation
11:38:07.0156 3916 ComputerName: MHT11
11:38:07.0156 3916 UserName: Administrator
11:38:07.0156 3916 Windows directory: C:\WINDOWS
11:38:07.0156 3916 System windows directory: C:\WINDOWS
11:38:07.0156 3916 Processor architecture: Intel x86
11:38:07.0171 3916 Number of processors: 1
11:38:07.0171 3916 Page size: 0x1000
11:38:07.0171 3916 Boot type: Normal boot
11:38:07.0171 3916 ============================================================
11:38:09.0171 3916 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:38:09.0187 3916 ============================================================
11:38:09.0187 3916 \Device\Harddisk0\DR0:
11:38:09.0187 3916 MBR partitions:
11:38:09.0187 3916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
11:38:09.0187 3916 ============================================================
11:38:09.0187 3916 C: <-> \Device\Harddisk0\DR0\Partition1
11:38:09.0187 3916 ============================================================
11:38:09.0187 3916 Initialize success
11:38:09.0187 3916 ============================================================
11:38:36.0093 3432 ============================================================
11:38:36.0093 3432 Scan started
11:38:36.0093 3432 Mode: Manual; SigCheck; TDLFS;
11:38:36.0093 3432 ============================================================
11:38:38.0218 3432 ================ Scan system memory ========================
11:38:38.0218 3432 System memory - ok
11:38:38.0218 3432 ================ Scan services =============================
11:38:39.0109 3432 Abiosdsk - ok
11:38:39.0125 3432 abp480n5 - ok
11:38:39.0203 3432 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
11:38:47.0828 3432 ac97intc - ok
11:38:47.0875 3432 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
11:38:48.0093 3432 ACPI - ok
11:38:48.0125 3432 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
11:38:48.0312 3432 ACPIEC - ok
11:38:48.0359 3432 [ A9F02264C4A52CC667E7B8799514C877 ] ACS C:\WINDOWS\system32\acs.exe
11:38:48.0390 3432 ACS ( UnsignedFile.Multi.Generic ) - warning
11:38:48.0390 3432 ACS - detected UnsignedFile.Multi.Generic (1)
11:38:48.0453 3432 [ D2523D28674B03976AFC1AB6EF712F27 ] acsint C:\WINDOWS\system32\DRIVERS\acsint.sys
11:38:48.0546 3432 acsint - ok
11:38:48.0562 3432 [ 9A7D29DAE24A01DCD33D8F563559B3AB ] acsmux C:\WINDOWS\system32\DRIVERS\acsmux.sys
11:38:48.0593 3432 acsmux - ok
11:38:48.0687 3432 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:38:48.0734 3432 AdobeFlashPlayerUpdateSvc - ok
11:38:48.0750 3432 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\System32\DRIVERS\adpu160m.sys
11:38:48.0968 3432 adpu160m - ok
11:38:48.0984 3432 [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320 C:\WINDOWS\System32\DRIVERS\adpu320.sys
11:38:49.0062 3432 adpu320 ( UnsignedFile.Multi.Generic ) - warning
11:38:49.0062 3432 adpu320 - detected UnsignedFile.Multi.Generic (1)
11:38:49.0125 3432 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:38:49.0437 3432 aec - ok
11:38:49.0468 3432 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:38:49.0500 3432 AegisP ( UnsignedFile.Multi.Generic ) - warning
11:38:49.0500 3432 AegisP - detected UnsignedFile.Multi.Generic (1)
11:38:49.0546 3432 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:38:49.0625 3432 AFD - ok
11:38:49.0656 3432 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
11:38:49.0859 3432 agp440 - ok
11:38:49.0875 3432 Aha154x - ok
11:38:49.0906 3432 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\System32\DRIVERS\aic78u2.sys
11:38:50.0125 3432 aic78u2 - ok
11:38:50.0140 3432 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\System32\DRIVERS\aic78xx.sys
11:38:50.0375 3432 aic78xx - ok
11:38:50.0671 3432 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll
11:38:50.0671 3432 Suspicious file (Hidden): c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
11:38:50.0703 3432 Akamai ( HiddenFile.Multi.Generic ) - warning
11:38:50.0703 3432 Akamai - detected HiddenFile.Multi.Generic (1)
11:38:50.0750 3432 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:38:50.0968 3432 Alerter - ok
11:38:50.0984 3432 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
11:38:51.0171 3432 ALG - ok
11:38:51.0187 3432 AliIde - ok
11:38:51.0203 3432 amsint - ok
11:38:51.0281 3432 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
11:38:51.0343 3432 AntiVirSchedulerService - ok
11:38:51.0375 3432 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:38:51.0421 3432 AntiVirService - ok
11:38:51.0484 3432 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:38:51.0828 3432 AppMgmt - ok
11:38:51.0921 3432 [ 5AF581BB431FB7A952216AD01795EF4E ] AR5523 C:\WINDOWS\system32\DRIVERS\ar5523.sys
11:38:52.0125 3432 AR5523 ( UnsignedFile.Multi.Generic ) - warning
11:38:52.0125 3432 AR5523 - detected UnsignedFile.Multi.Generic (1)
11:38:52.0125 3432 asc - ok
11:38:52.0140 3432 asc3350p - ok
11:38:52.0156 3432 asc3550 - ok
11:38:52.0234 3432 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:38:52.0328 3432 aspnet_state - ok
11:38:52.0375 3432 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:38:52.0562 3432 AsyncMac - ok
11:38:52.0609 3432 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\drivers\atapi.sys
11:38:52.0796 3432 atapi - ok
11:38:52.0796 3432 Atdisk - ok
11:38:52.0828 3432 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:38:53.0031 3432 Atmarpc - ok
11:38:53.0062 3432 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:38:53.0250 3432 AudioSrv - ok
11:38:53.0281 3432 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:38:53.0500 3432 audstub - ok
11:38:53.0562 3432 [ EA2D28BBE98256654397CD1F6EAEBDD8 ] Autodesk Licensing Service C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
11:38:53.0609 3432 Autodesk Licensing Service - ok
11:38:53.0640 3432 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:38:53.0687 3432 avgntflt - ok
11:38:53.0718 3432 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:38:53.0750 3432 avipbb - ok
11:38:53.0796 3432 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:38:53.0828 3432 avkmgr - ok
11:38:53.0859 3432 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:38:54.0078 3432 Beep - ok
11:38:54.0171 3432 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
11:38:54.0531 3432 BITS - ok
11:38:54.0593 3432 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
11:38:54.0718 3432 Browser - ok
11:38:54.0812 3432 [ 9BDBDA21D3BA8E374FD06A405BE10215 ] C-DillaCdaC11BA C:\WINDOWS\system32\drivers\CDAC11BA.EXE
11:38:54.0843 3432 C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - warning
11:38:54.0843 3432 C-DillaCdaC11BA - detected UnsignedFile.Multi.Generic (1)
11:38:54.0890 3432 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:38:55.0109 3432 cbidf2k - ok
11:38:55.0109 3432 cd20xrnt - ok
11:38:55.0156 3432 [ F76CB7259AA575CC53F3996BC6B68C18 ] CdaC15BA C:\WINDOWS\system32\drivers\CDAC15BA.SYS
11:38:55.0171 3432 CdaC15BA ( UnsignedFile.Multi.Generic ) - warning
11:38:55.0171 3432 CdaC15BA - detected UnsignedFile.Multi.Generic (1)
11:38:55.0218 3432 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:38:55.0453 3432 Cdaudio - ok
11:38:55.0531 3432 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:38:55.0734 3432 Cdfs - ok
11:38:55.0750 3432 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:38:55.0953 3432 Cdrom - ok
11:38:55.0953 3432 Changer - ok
11:38:56.0000 3432 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:38:56.0187 3432 CiSvc - ok
11:38:56.0203 3432 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:38:56.0390 3432 ClipSrv - ok
11:38:56.0437 3432 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:38:56.0671 3432 clr_optimization_v2.0.50727_32 - ok
11:38:56.0671 3432 CmdIde - ok
11:38:56.0687 3432 COMSysApp - ok
11:38:56.0734 3432 Cpqarray - ok
11:38:56.0781 3432 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:38:57.0062 3432 CryptSvc - ok
11:38:57.0093 3432 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
11:38:57.0171 3432 CVirtA - ok
11:38:57.0281 3432 [ D4A26B0926171DC4F969955D157D1311 ] CVPND C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
11:38:57.0468 3432 CVPND - ok
11:38:57.0531 3432 [ C23025AC5AE45A105D63BD6E2408EDD4 ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
11:38:57.0593 3432 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
11:38:57.0593 3432 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
11:38:57.0593 3432 dac2w2k - ok
11:38:57.0609 3432 dac960nt - ok
11:38:57.0656 3432 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:38:57.0781 3432 DcomLaunch - ok
11:38:57.0828 3432 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:38:58.0031 3432 Dhcp - ok
11:38:58.0062 3432 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:38:58.0250 3432 Disk - ok
11:38:58.0265 3432 dmadmin - ok
11:38:58.0312 3432 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:38:58.0593 3432 dmboot - ok
11:38:58.0625 3432 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:38:58.0828 3432 dmio - ok
11:38:58.0875 3432 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:38:59.0093 3432 dmload - ok
11:38:59.0140 3432 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:38:59.0406 3432 dmserver - ok
11:38:59.0484 3432 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:38:59.0703 3432 DMusic - ok
11:38:59.0750 3432 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
11:38:59.0796 3432 DNE - ok
11:38:59.0843 3432 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:39:00.0046 3432 Dnscache - ok
11:39:00.0093 3432 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:39:00.0312 3432 Dot3svc - ok
11:39:00.0343 3432 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\System32\DRIVERS\dpti2o.sys
11:39:00.0546 3432 dpti2o - ok
11:39:00.0578 3432 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:39:00.0750 3432 drmkaud - ok
11:39:00.0796 3432 [ FE9CB643A034285031502D3369E5A869 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:39:00.0859 3432 E100B - ok
11:39:00.0921 3432 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:39:01.0125 3432 EapHost - ok
11:39:01.0171 3432 [ 53CE0799C9384CAC99942FF032285F21 ] eaps2kbd C:\WINDOWS\system32\DRIVERS\eaps2kbd.sys
11:39:01.0218 3432 eaps2kbd - ok
11:39:01.0250 3432 [ E54E3A335B3A03AD0252E50BB92A633C ] EAWDMFD C:\WINDOWS\system32\drivers\EAWDMFD.sys
11:39:01.0281 3432 EAWDMFD - ok
11:39:01.0312 3432 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:39:01.0515 3432 ERSvc - ok
11:39:01.0562 3432 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
11:39:01.0625 3432 Eventlog - ok
11:39:01.0671 3432 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll
11:39:01.0875 3432 EventSystem - ok
11:39:01.0921 3432 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:39:02.0265 3432 Fastfat - ok
11:39:02.0328 3432 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:39:02.0453 3432 FastUserSwitchingCompatibility - ok
11:39:02.0484 3432 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
11:39:02.0718 3432 Fdc - ok
11:39:02.0734 3432 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:39:03.0062 3432 Fips - ok
11:39:03.0078 3432 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:39:03.0265 3432 Flpydisk - ok
11:39:03.0312 3432 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
11:39:03.0578 3432 FltMgr - ok
11:39:03.0656 3432 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:39:03.0687 3432 FontCache3.0.0.0 - ok
11:39:03.0734 3432 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:39:03.0937 3432 Fs_Rec - ok
11:39:03.0984 3432 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:39:04.0203 3432 Ftdisk - ok
11:39:04.0250 3432 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:39:04.0453 3432 Gpc - ok
11:39:04.0500 3432 [ 236199389AFDE897F24C7E51AC89C010 ] GT680x C:\WINDOWS\system32\Drivers\gt680x.sys
11:39:04.0562 3432 GT680x - ok
11:39:04.0671 3432 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:39:04.0890 3432 helpsvc - ok
11:39:04.0953 3432 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
11:39:05.0171 3432 HidServ - ok
11:39:05.0218 3432 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:39:05.0453 3432 HidUsb - ok
11:39:05.0515 3432 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:39:05.0906 3432 hkmsvc - ok
11:39:05.0906 3432 hpn - ok
11:39:05.0968 3432 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:39:06.0031 3432 HTTP - ok
11:39:06.0062 3432 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:39:06.0281 3432 HTTPFilter - ok
11:39:06.0281 3432 i2omgmt - ok
11:39:06.0296 3432 i2omp - ok
11:39:06.0328 3432 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:39:06.0546 3432 i8042prt - ok
11:39:06.0609 3432 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
11:39:06.0906 3432 i81x - ok
11:39:06.0937 3432 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
11:39:07.0140 3432 iAimFP0 - ok
11:39:07.0156 3432 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
11:39:07.0406 3432 iAimFP1 - ok
11:39:07.0437 3432 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
11:39:07.0656 3432 iAimFP2 - ok
11:39:07.0734 3432 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
11:39:07.0968 3432 iAimFP3 - ok
11:39:08.0000 3432 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
11:39:08.0250 3432 iAimFP4 - ok
11:39:08.0296 3432 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
11:39:08.0593 3432 iAimTV0 - ok
11:39:08.0609 3432 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
11:39:08.0796 3432 iAimTV1 - ok
11:39:08.0812 3432 iAimTV2 - ok
11:39:08.0843 3432 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
11:39:09.0031 3432 iAimTV3 - ok
11:39:09.0062 3432 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
11:39:09.0343 3432 iAimTV4 - ok
11:39:09.0468 3432 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:39:09.0656 3432 idsvc - ok
11:39:09.0703 3432 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:39:10.0046 3432 Imapi - ok
11:39:10.0093 3432 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\System32\imapi.exe
11:39:10.0296 3432 ImapiService - ok
11:39:10.0312 3432 ini910u - ok
11:39:10.0328 3432 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\drivers\intelide.sys
11:39:10.0531 3432 IntelIde - ok
11:39:10.0578 3432 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:39:10.0796 3432 intelppm - ok
11:39:10.0843 3432 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
11:39:11.0125 3432 ip6fw - ok
11:39:11.0156 3432 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:39:11.0406 3432 IpFilterDriver - ok
11:39:11.0437 3432 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:39:11.0609 3432 IpInIp - ok
11:39:11.0625 3432 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:39:11.0812 3432 IpNat - ok
11:39:11.0859 3432 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:39:12.0015 3432 IPSec - ok
11:39:12.0046 3432 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:39:12.0250 3432 IRENUM - ok
11:39:12.0281 3432 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
11:39:12.0453 3432 isapnp - ok
11:39:12.0484 3432 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:39:12.0671 3432 Kbdclass - ok
11:39:12.0718 3432 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:39:12.0921 3432 kbdhid - ok
11:39:12.0937 3432 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:39:13.0156 3432 kmixer - ok
11:39:13.0218 3432 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:39:13.0375 3432 KSecDD - ok
11:39:13.0468 3432 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:39:13.0562 3432 lanmanserver - ok
11:39:13.0609 3432 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:39:13.0703 3432 lanmanworkstation - ok
11:39:13.0718 3432 lbrtfdc - ok
11:39:13.0781 3432 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:39:13.0984 3432 LmHosts - ok
11:39:14.0078 3432 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
11:39:14.0125 3432 MDM - ok
11:39:14.0171 3432 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:39:14.0343 3432 Messenger - ok
11:39:14.0375 3432 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:39:14.0609 3432 mnmdd - ok
11:39:14.0656 3432 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
11:39:14.0828 3432 mnmsrvc - ok
11:39:14.0875 3432 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:39:15.0046 3432 Modem - ok
11:39:15.0062 3432 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:39:15.0250 3432 Mouclass - ok
11:39:15.0296 3432 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:39:15.0515 3432 mouhid - ok
11:39:15.0546 3432 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:39:15.0734 3432 MountMgr - ok
11:39:15.0750 3432 mraid35x - ok
11:39:15.0781 3432 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:39:15.0968 3432 MRxDAV - ok
11:39:16.0015 3432 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:39:16.0140 3432 MRxSmb - ok
11:39:16.0203 3432 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe
11:39:16.0421 3432 MSDTC - ok
11:39:16.0468 3432 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:39:16.0812 3432 Msfs - ok
11:39:16.0812 3432 MSIServer - ok
11:39:16.0843 3432 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:39:17.0062 3432 MSKSSRV - ok
11:39:17.0093 3432 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:39:17.0281 3432 MSPCLOCK - ok
11:39:17.0312 3432 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:39:17.0531 3432 MSPQM - ok
11:39:17.0562 3432 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:39:17.0750 3432 mssmbios - ok
11:39:17.0812 3432 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:39:17.0859 3432 Mup - ok
11:39:17.0921 3432 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
11:39:18.0156 3432 napagent - ok
11:39:18.0203 3432 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:39:18.0406 3432 NDIS - ok
11:39:18.0453 3432 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:39:18.0531 3432 NdisTapi - ok
11:39:18.0546 3432 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:39:18.0750 3432 Ndisuio - ok
11:39:18.0781 3432 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:39:19.0046 3432 NdisWan - ok
11:39:19.0093 3432 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:39:19.0187 3432 NDProxy - ok
11:39:19.0234 3432 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:39:19.0484 3432 NetBIOS - ok
11:39:19.0546 3432 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:39:19.0875 3432 NetBT - ok
11:39:19.0921 3432 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
11:39:20.0281 3432 NetDDE - ok
11:39:20.0296 3432 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:39:20.0921 3432 NetDDEdsdm - ok
11:39:20.0968 3432 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\System32\lsass.exe
11:39:21.0234 3432 Netlogon - ok
11:39:21.0281 3432 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
11:39:21.0656 3432 Netman - ok
11:39:21.0734 3432 [ 562E15CE8A98282F241E03829657E344 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:39:21.0765 3432 NetTcpPortSharing - ok
11:39:21.0812 3432 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
11:39:21.0921 3432 Nla - ok
11:39:21.0968 3432 [ 419F4D80FE7E34E2626C84B3C6035955 ] NMSCFG C:\WINDOWS\system32\drivers\NMSCFG.SYS
11:39:22.0015 3432 NMSCFG ( UnsignedFile.Multi.Generic ) - warning
11:39:22.0015 3432 NMSCFG - detected UnsignedFile.Multi.Generic (1)
11:39:22.0421 3432 [ EEEA4A259891D43FEC7C25E45973740D ] NMSSvc C:\WINDOWS\System32\NMSSvc.exe
11:39:22.0734 3432 NMSSvc ( UnsignedFile.Multi.Generic ) - warning
11:39:22.0734 3432 NMSSvc - detected UnsignedFile.Multi.Generic (1)
11:39:22.0781 3432 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:39:23.0109 3432 Npfs - ok
11:39:23.0156 3432 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:39:23.0453 3432 Ntfs - ok
11:39:23.0484 3432 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
11:39:23.0656 3432 NtLmSsp - ok
11:39:23.0703 3432 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:39:23.0953 3432 NtmsSvc - ok
11:39:24.0046 3432 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:39:24.0281 3432 Null - ok
11:39:24.0796 3432 [ C82F94077E2497E6685DA208E2F75B43 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:39:25.0453 3432 nv ( UnsignedFile.Multi.Generic ) - warning
11:39:25.0453 3432 nv - detected UnsignedFile.Multi.Generic (1)
11:39:25.0515 3432 [ 948C21C77FAD271CC6F851FC46029DD4 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
11:39:25.0609 3432 NVSvc ( UnsignedFile.Multi.Generic ) - warning
11:39:25.0609 3432 NVSvc - detected UnsignedFile.Multi.Generic (1)
11:39:25.0640 3432 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:39:25.0890 3432 NwlnkFlt - ok
11:39:25.0921 3432 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:39:26.0140 3432 NwlnkFwd - ok
11:39:26.0234 3432 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
11:39:26.0281 3432 ose - ok
11:39:26.0343 3432 [ A7AF0C0860F1C43FC6581BA8A99EABEF ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
11:39:26.0765 3432 P3 - ok
11:39:26.0796 3432 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:39:27.0078 3432 Parport - ok
11:39:27.0109 3432 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:39:27.0390 3432 PartMgr - ok
11:39:27.0515 3432 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:39:27.0750 3432 ParVdm - ok
11:39:27.0796 3432 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\drivers\pci.sys
11:39:28.0031 3432 PCI - ok
11:39:28.0046 3432 PCIDump - ok
11:39:28.0093 3432 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\System32\DRIVERS\pciide.sys
11:39:28.0343 3432 PCIIde - ok
11:39:28.0390 3432 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
11:39:28.0656 3432 Pcmcia - ok
11:39:28.0671 3432 PDCOMP - ok
11:39:28.0687 3432 PDFRAME - ok
11:39:28.0703 3432 PDRELI - ok
11:39:28.0718 3432 PDRFRAME - ok
11:39:28.0734 3432 perc2 - ok
11:39:28.0750 3432 perc2hib - ok
11:39:28.0812 3432 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
11:39:28.0890 3432 PlugPlay - ok
11:39:28.0906 3432 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
11:39:29.0093 3432 PolicyAgent - ok
11:39:29.0125 3432 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:39:29.0390 3432 PptpMiniport - ok
11:39:29.0437 3432 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\drivers\processr.sys
11:39:29.0703 3432 Processor - ok
11:39:29.0750 3432 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:39:29.0953 3432 ProtectedStorage - ok
11:39:29.0984 3432 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:39:30.0312 3432 PSched - ok
11:39:30.0375 3432 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:39:30.0703 3432 Ptilink - ok
11:39:30.0718 3432 ql1080 - ok
11:39:30.0734 3432 Ql10wnt - ok
11:39:30.0734 3432 ql12160 - ok
11:39:30.0750 3432 ql1240 - ok
11:39:30.0765 3432 ql1280 - ok
11:39:30.0812 3432 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:39:31.0828 3432 RasAcd - ok
11:39:31.0937 3432 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:39:32.0484 3432 RasAuto - ok
11:39:32.0515 3432 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:39:32.0765 3432 Rasl2tp - ok
11:39:32.0921 3432 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:39:33.0234 3432 RasMan - ok
11:39:33.0265 3432 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:39:33.0515 3432 RasPppoe - ok
11:39:33.0609 3432 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:39:33.0937 3432 Raspti - ok
11:39:34.0015 3432 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:39:34.0265 3432 Rdbss - ok
11:39:34.0312 3432 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:39:34.0562 3432 RDPCDD - ok
11:39:34.0625 3432 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:39:34.0843 3432 rdpdr - ok
11:39:34.0890 3432 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:39:34.0953 3432 RDPWD - ok
11:39:35.0000 3432 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:39:35.0234 3432 RDSessMgr - ok
11:39:35.0265 3432 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:39:35.0468 3432 redbook - ok
11:39:35.0531 3432 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:39:35.0765 3432 RemoteAccess - ok
11:39:35.0796 3432 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:39:36.0000 3432 RemoteRegistry - ok
11:39:36.0031 3432 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe
11:39:36.0218 3432 RpcLocator - ok
11:39:36.0250 3432 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
11:39:36.0578 3432 RpcSs - ok
11:39:36.0609 3432 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe
11:39:36.0828 3432 RSVP - ok
11:39:36.0859 3432 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
11:39:37.0109 3432 SamSs - ok
11:39:37.0140 3432 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:39:37.0390 3432 SCardSvr - ok
11:39:37.0453 3432 [ 612A3D69E603DBBE5C3C1079186A0393 ] SCDEmu C:\WINDOWS\system32\drivers\SCDEmu.sys
11:39:37.0468 3432 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
11:39:37.0468 3432 SCDEmu - detected UnsignedFile.Multi.Generic (1)
11:39:37.0531 3432 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:39:37.0734 3432 Schedule - ok
11:39:37.0781 3432 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:39:37.0953 3432 Secdrv - ok
11:39:38.0000 3432 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
11:39:38.0171 3432 seclogon - ok
11:39:38.0203 3432 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
11:39:38.0375 3432 SENS - ok
11:39:38.0453 3432 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:39:38.0656 3432 serenum - ok
11:39:38.0687 3432 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:39:39.0296 3432 Serial - ok
11:39:39.0343 3432 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:39:39.0578 3432 Sfloppy - ok
11:39:39.0656 3432 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:39:39.0968 3432 SharedAccess - ok
11:39:40.0000 3432 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:39:40.0062 3432 ShellHWDetection - ok
11:39:40.0062 3432 Simbad - ok
11:39:40.0203 3432 [ 4931615EF9543728E0204973BE27B350 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
11:39:40.0328 3432 smwdm - ok
11:39:40.0390 3432 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
11:39:40.0640 3432 SONYPVU1 - ok
11:39:40.0656 3432 Sparrow - ok
11:39:40.0687 3432 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:39:40.0875 3432 splitter - ok
11:39:40.0906 3432 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:39:40.0968 3432 Spooler - ok
11:39:40.0984 3432 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:39:41.0171 3432 sr - ok
11:39:41.0218 3432 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll
11:39:41.0437 3432 srservice - ok
11:39:41.0484 3432 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:39:41.0562 3432 Srv - ok
11:39:41.0609 3432 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:39:41.0796 3432 SSDPSRV - ok
11:39:41.0843 3432 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:39:41.0875 3432 ssmdrv - ok
11:39:41.0921 3432 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:39:42.0187 3432 stisvc - ok
11:39:42.0296 3432 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:39:42.0578 3432 swenum - ok
11:39:42.0687 3432 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:39:42.0968 3432 swmidi - ok
11:39:42.0984 3432 SwPrv - ok
11:39:43.0062 3432 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\System32\DRIVERS\symc810.sys
11:39:43.0390 3432 symc810 - ok
11:39:43.0453 3432 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\System32\DRIVERS\symc8xx.sys
11:39:43.0765 3432 symc8xx - ok
11:39:43.0781 3432 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\System32\DRIVERS\symmpi.sys
11:39:43.0890 3432 Symmpi ( UnsignedFile.Multi.Generic ) - warning
11:39:43.0890 3432 Symmpi - detected UnsignedFile.Multi.Generic (1)
11:39:43.0953 3432 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\System32\DRIVERS\sym_hi.sys
11:39:44.0203 3432 sym_hi - ok
11:39:44.0265 3432 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\System32\DRIVERS\sym_u3.sys
11:39:44.0531 3432 sym_u3 - ok
11:39:44.0562 3432 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:39:45.0109 3432 sysaudio - ok
11:39:45.0187 3432 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:39:45.0515 3432 SysmonLog - ok
11:39:45.0578 3432 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:39:45.0828 3432 TapiSrv - ok
11:39:45.0875 3432 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:39:45.0984 3432 Tcpip - ok
11:39:46.0031 3432 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:39:46.0218 3432 TDPIPE - ok
11:39:46.0250 3432 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:39:46.0453 3432 TDTCP - ok
11:39:46.0500 3432 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:39:46.0718 3432 TermDD - ok
11:39:46.0812 3432 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
11:39:47.0093 3432 TermService - ok
11:39:47.0125 3432 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
11:39:47.0171 3432 Themes - ok
11:39:47.0203 3432 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
11:39:47.0546 3432 TlntSvr - ok
11:39:47.0578 3432 TosIde - ok
11:39:47.0781 3432 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:39:48.0187 3432 TrkWks - ok
11:39:48.0218 3432 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:39:48.0531 3432 Udfs - ok
11:39:48.0546 3432 ultra - ok
11:39:48.0765 3432 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:39:49.0484 3432 Update - ok
11:39:49.0671 3432 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:39:50.0437 3432 upnphost - ok
11:39:50.0703 3432 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
11:39:50.0984 3432 UPS - ok
11:39:51.0109 3432 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:39:51.0875 3432 usbccgp - ok
11:39:52.0062 3432 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:39:52.0953 3432 usbehci - ok
11:39:53.0937 3432 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:39:54.0531 3432 usbhub - ok
11:39:54.0671 3432 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:39:54.0984 3432 usbohci - ok
11:39:55.0125 3432 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:39:55.0500 3432 usbprint - ok
11:39:55.0593 3432 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:39:55.0921 3432 usbscan - ok
11:39:56.0000 3432 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:39:56.0281 3432 USBSTOR - ok
11:39:56.0390 3432 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:39:56.0765 3432 usbuhci - ok
11:39:56.0812 3432 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:39:57.0156 3432 VgaSave - ok
11:39:57.0234 3432 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
11:39:57.0531 3432 ViaIde - ok
11:39:57.0593 3432 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:39:57.0921 3432 VolSnap - ok
11:39:59.0171 3432 [ 4D8FC912E146DE0115392381C7114588 ] vpnagent C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
11:39:59.0468 3432 vpnagent - ok
11:39:59.0562 3432 [ EA39F36302DACBCDCDB113313718E768 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
11:39:59.0843 3432 vpnva - ok
11:40:00.0031 3432 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
11:40:00.0500 3432 VSS - ok
11:40:00.0578 3432 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll
11:40:01.0156 3432 W32Time - ok
11:40:03.0265 3432 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:40:04.0500 3432 Wanarp - ok
11:40:04.0578 3432 WDICA - ok
11:40:04.0734 3432 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:40:05.0609 3432 wdmaud - ok
11:40:05.0656 3432 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:40:05.0843 3432 WebClient - ok
11:40:05.0921 3432 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:40:06.0109 3432 winmgmt - ok
11:40:06.0156 3432 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
11:40:06.0343 3432 WmdmPmSN - ok
11:40:06.0375 3432 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:40:06.0531 3432 Wmi - ok
11:40:06.0593 3432 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
11:40:06.0781 3432 WmiApSrv - ok
11:40:06.0828 3432 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:40:07.0015 3432 wscsvc - ok
11:40:07.0062 3432 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:40:07.0234 3432 wuauserv - ok
11:40:07.0281 3432 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:40:07.0531 3432 WZCSVC - ok
11:40:07.0593 3432 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:40:07.0812 3432 xmlprov - ok
11:40:07.0843 3432 ================ Scan global ===============================
11:40:07.0890 3432 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
11:40:07.0953 3432 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
11:40:07.0984 3432 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
11:40:08.0015 3432 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
11:40:08.0015 3432 [Global] - ok
11:40:08.0031 3432 ================ Scan MBR ==================================
11:40:08.0046 3432 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:40:08.0312 3432 \Device\Harddisk0\DR0 - ok
11:40:08.0328 3432 ================ Scan VBR ==================================
11:40:08.0359 3432 [ B89140E403890EBD880A4B948F442633 ] \Device\Harddisk0\DR0\Partition1
11:40:08.0359 3432 \Device\Harddisk0\DR0\Partition1 - ok
11:40:08.0359 3432 ============================================================
11:40:08.0359 3432 Scan finished
11:40:08.0359 3432 ============================================================
11:40:08.0500 1116 Detected object count: 14
11:40:08.0500 1116 Actual detected object count: 14
11:40:24.0453 1116 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0453 1116 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0453 1116 adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0453 1116 adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0453 1116 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0453 1116 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0453 1116 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:40:24.0453 1116 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
11:40:24.0468 1116 AR5523 ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0468 1116 AR5523 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0468 1116 C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0468 1116 C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0468 1116 CdaC15BA ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0468 1116 CdaC15BA ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0468 1116 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0468 1116 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0484 1116 NMSCFG ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116 NMSCFG ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0484 1116 NMSSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116 NMSSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0484 1116 nv ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0484 1116 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0484 1116 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:24.0484 1116 Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116 Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:40:27.0015 3584 Deinitialize success
|
|
| Themen zu Wie System Doctor 2014 auf WinXp entfernen |
| andere, anderen, doctor, entferne, entfernen, forum, individuelle, konnte, malewarebytes, scan, scanne, system, system doctor, system doctor 2014, threads, vorgehen, winxp |
Linear-Darstellung
