
Pests of all kinds and how to fight them: How to remove System Doctor 2014 on WinXP

04.06.2013, 18:50   #1
astalavista
 

Hello dear forum!

This nasty System Doctor 2014 has now got me too. From the other threads I gathered that you really do depend on individual help.
So what should/can I do? So far I have only downloaded the AntiRootkit from Malwarebytes and am scanning my computer with it right now... how should I proceed?

Best regards,
Astalavista

04.06.2013, 18:52   #2
markusg
/// Malware-holic
 

Hi, first of all cancel the scan and continue with this.

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

04.06.2013, 19:16   #3
astalavista
 

It took a while, but now I have the log files.

So:
OTL.txt
Code:
OTL logfile created on: 04.06.2013 19:56:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,93% Memory free
4,85 Gb Paging File | 4,48 Gb Available in Paging File | 92,33% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 6,65 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
 
Computer Name: MHT11 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.04 19:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2013.05.07 14:58:45 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.30 14:33:34 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.30 14:32:17 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.30 14:32:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.26 08:43:46 | 000,703,888 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2013.03.26 08:43:32 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2013.02.04 19:48:45 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
PRC - [2012.12.03 09:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.15 16:41:18 | 000,348,160 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD) -- C:\Programme\TP-LINK\TWCU\TWCU.exe
PRC - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002.05.03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.26 08:44:20 | 000,063,376 | ---- | M] () -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.11.17 13:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2006.11.17 18:29:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Unknown (-1) | Unknown] --  -- (mbamswissarmy)
SRV - [2013.05.20 12:23:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.30 14:33:34 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.30 14:32:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.26 08:43:32 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2013.03.23 11:45:27 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.02.04 19:48:45 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2010.04.09 19:06:36 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002.05.03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013.06.04 19:39:40 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013.03.30 14:33:55 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.30 14:33:55 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.30 14:33:55 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.26 08:24:16 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2013.03.26 08:18:22 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux)
DRV - [2013.03.26 08:18:22 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint)
DRV - [2013.02.04 19:48:47 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.08.07 02:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.06.16 14:50:18 | 000,012,416 | ---- | M] (         ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GT680X.SYS -- (GT680x)
DRV - [2006.01.16 12:45:30 | 000,360,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
DRV - [2004.08.03 23:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004.08.03 23:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004.08.03 23:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004.08.03 23:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004.08.03 23:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004.08.03 23:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004.08.03 23:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.03 23:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004.08.03 23:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004.08.03 23:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2002.05.03 13:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2002.04.04 06:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [1999.10.29 22:35:08 | 000,024,348 | ---- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (EAWDMFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.11 12:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.01 19:00:25 | 000,000,000 | ---D | M]
 
[2010.03.16 19:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.01.08 11:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\awshiozn.default\extensions
[2010.05.24 16:22:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\awshiozn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.11 12:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.11 14:23:48 | 000,000,978 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 134.109.132.3	vpngate.hrz.tu-chemnitz.de ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TWCU] C:\Programme\TP-LINK\TWCU\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [fmdvvefl] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ahnatfuo.exe" File not found
O4 - HKCU..\Run: [hxtujdgo] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe ()
O4 - HKCU..\Run: [SD2014] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa\Ri4aa.exe ()
O4 - HKCU..\Run: [wecolbpn] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\dheuxhup.exe" File not found
O4 - HKLM..\RunOnce: [A0] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Programme/proeWildfire%202.0/i486_nt/obj/pvx_install.exe (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74EC16FF-C326-486E-BFAE-D40FAB257DBD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {210C90F8-F6F3-D2A3-CD6E-D14C51BD875B} - Outlook Express
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3D74679B-D1BE-3FA4-49D6-4CF0310E3A4C} - Internet Explorer
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A9F0ACF4-5F41-6116-BC77-5E8F5BF1C1DE} - Windows Media Player
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CCE65A1E-4161-B4A1-369D-ED5C267D516B} - Browseranpassungen
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CPQEASYACC - hkey= - key= - C:\Programme\COMPAQ\Easy Access Button Support\STARTEAK.exe (Compaq Computer Corporation)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: nwiz - hkey= - key= -  File not found
MsConfig - StartUpReg: PROMon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: Smapp - hkey= - key= - C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.04 19:54:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.06.04 19:41:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
[2013.06.04 19:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.06.04 19:39:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003
[2013.05.30 17:32:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\System Doctor 2014
[2013.05.30 17:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 19:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.06.04 19:39:40 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.06.04 19:38:48 | 013,169,742 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003.zip
[2013.06.04 19:20:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.04 19:20:12 | 000,452,736 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.06.04 19:20:12 | 000,435,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.06.04 19:20:12 | 000,081,562 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.06.04 19:20:12 | 000,068,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.06.04 19:18:23 | 000,000,962 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014.lnk
[2013.06.04 19:18:23 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url
[2013.06.04 19:16:02 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2013.06.04 19:15:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.04 19:15:47 | 2146,947,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 19:07:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.30 14:39:00 | 000,045,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj
[2013.05.30 14:36:58 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe
[2013.05.30 09:28:04 | 000,000,092 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.out
[2013.05.30 09:27:56 | 000,000,167 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.err
[2013.05.20 13:51:24 | 000,362,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.20 13:45:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.05.11 14:23:48 | 000,000,978 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.04 19:39:40 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.06.04 19:39:17 | 013,169,742 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003.zip
[2013.06.04 19:15:47 | 2146,947,072 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.30 17:32:35 | 000,000,962 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014.lnk
[2013.05.30 17:32:35 | 000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url
[2013.05.30 14:39:00 | 000,045,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj
[2013.05.30 14:36:58 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe
[2013.05.30 09:27:16 | 000,000,167 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.err
[2013.05.30 09:26:57 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.out
[2013.03.26 19:04:13 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2012.02.15 10:34:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010.05.10 10:50:31 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010.03.02 14:35:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.04 19:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Autodesk
[2010.03.17 09:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2013.03.19 20:42:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PTC
[2013.05.30 17:32:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa
[2010.04.09 19:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2010.05.02 11:56:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2013.04.06 14:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.03.17 09:23:09 | 000,000,000 | ---D | M] -- C:\51ebb0d8aeec720a19d9
[2011.11.14 10:51:24 | 000,000,000 | ---D | M] -- C:\a5e841df23b07e470d2b08d4f945
[2010.02.26 17:13:41 | 000,000,000 | ---D | M] -- C:\Compaq
[2013.05.20 13:49:40 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.02.26 17:15:46 | 000,000,000 | ---D | M] -- C:\CPQAPPS
[2011.01.10 12:42:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.02.27 01:09:00 | 000,000,000 | ---D | M] -- C:\i386
[2010.04.11 13:33:49 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013.03.26 18:57:59 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2013.04.06 14:22:44 | 000,000,000 | R--D | M] -- C:\Programme
[2010.03.02 14:13:26 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2013.03.28 11:35:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.02.26 17:22:13 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2010.03.16 19:33:03 | 000,000,000 | ---D | M] -- C:\temp
[2013.06.04 19:06:31 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2002.08.29 03:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2002.11.02 18:42:10 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012.12.28 15:45:58 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001.08.17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 16:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\i386\sp1.cab:atapi.sys
[2002.08.29 10:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 01:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2002.11.03 02:17:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2002.11.03 02:17:50 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2002.11.03 02:17:50 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2013.06.04 19:58:56 | 005,505,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat
[2013.06.04 19:59:01 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG
[2013.06.04 19:15:07 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.02.26 17:15:56 | 000,001,689 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\OCA_LOG.TXT
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.04.12 16:00:54 | 001,876,480 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
and EXTRAS.txt
Code:
OTL Extras logfile created on: 04.06.2013 19:56:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,93% Memory free
4,85 Gb Paging File | 4,48 Gb Available in Paging File | 92,33% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 6,65 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
 
Computer Name: MHT11 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1087:TCP" = 1087:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc10_tmp.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc10_tmp.exe:*:Enabled:ptc10_tmp
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc31_tmp.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc31_tmp.exe:*:Enabled:ptc31_tmp
"C:\Programme\PTC\ProE2001\i486_nt\nms\nmsd.exe" = C:\Programme\PTC\ProE2001\i486_nt\nms\nmsd.exe:*:Enabled:nmsd
"C:\Programme\PTC\ProE2001\i486_nt\obj\xtop.exe" = C:\Programme\PTC\ProE2001\i486_nt\obj\xtop.exe:*:Enabled:xtop
"C:\Programme\PTC\ProE2001\i486_nt\obj\pro_comm_msg.exe" = C:\Programme\PTC\ProE2001\i486_nt\obj\pro_comm_msg.exe:*:Enabled:pro_comm_msg
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{27F8D5CE-421C-4324-8402-4D551A364F5F}" = BearPaw 2400CU Plus web V1.2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Wireless Client Utility Installation Program
"{350612EB-55FE-47DC-8E07-197B2409909B}" = Cisco AnyConnect Secure Mobility Client
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{93539D60-1817-11D1-9504-00805F26A89C}" = Easy Access Button Unterstützung
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"Autodesk Express Viewer" = Autodesk Express Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"CdaC13Ba" = SafeCast Shared Components
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"ie8" = Windows Internet Explorer 8
"InstallShield_{27F8D5CE-421C-4324-8402-4D551A364F5F}" = BearPaw 2400CU Plus web V1.2
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"Pro/ENGINEER Release Wildfire 2.0 Datecode M280" = Pro/ENGINEER Release Wildfire 2.0 Datecode M280
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"Software Setup" = Software Setup
"VLC media player" = VLC media player 0.9.4
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"System Doctor 2014" = System Doctor 2014
 
========== Last 20 Event Log Errors ==========
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 31.05.2013 10:14:10 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 404 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31588341
 (0xFE1E000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 04.06.2013 13:15:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182
Invoked
 Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description:
 WINDOWS_ERROR_CODE 
 
Error - 04.06.2013 13:15:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
 603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED 
 
Error - 04.06.2013 13:16:05 | Computer Name = MHT11 | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142
Invoked
 Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.
 
Error - 04.06.2013 13:16:07 | Computer Name = MHT11 | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 04.06.2013 13:16:08 | Computer Name = MHT11 | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1351 NULL object. Cannot establish a connection at this time.
 
Error - 04.06.2013 13:17:09 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
[ System Events ]
Error - 04.06.2013 13:07:13 | Computer Name = MHT11 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "Umgebung
 für die AFD-Netzwerkunterstützung" abhängig, der aufgrund folgenden Fehlers nicht
 gestartet wurde:   %%31
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" ist vom Dienst
 "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  avkmgr  Fips  i8042prt  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  SCDEmu  ssmdrv
Tcpip
 
Error - 04.06.2013 13:15:05 | Computer Name = MHT11 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 04.06.2013 13:17:28 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 04.06.2013 13:17:28 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
< End of report >
         
It took a while, but now I have the log files.

So:
OTL.txt
Code:
OTL logfile created on: 04.06.2013 19:56:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,93% Memory free
4,85 Gb Paging File | 4,48 Gb Available in Paging File | 92,33% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 6,65 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
 
Computer Name: MHT11 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.04 19:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2013.05.07 14:58:45 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.30 14:33:34 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.30 14:32:17 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.30 14:32:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.26 08:43:46 | 000,703,888 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2013.03.26 08:43:32 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2013.02.04 19:48:45 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
PRC - [2012.12.03 09:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.15 16:41:18 | 000,348,160 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD) -- C:\Programme\TP-LINK\TWCU\TWCU.exe
PRC - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002.05.03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.26 08:44:20 | 000,063,376 | ---- | M] () -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2012.09.19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.11.17 13:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2006.11.17 18:29:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Unknown (-1) | Unknown] --  -- (mbamswissarmy)
SRV - [2013.05.20 12:23:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.30 14:33:34 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.30 14:32:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.26 08:43:32 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2013.03.23 11:45:27 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.02.04 19:48:45 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2010.04.09 19:06:36 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005.08.05 07:10:44 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002.05.03 13:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013.06.04 19:39:40 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013.03.30 14:33:55 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.30 14:33:55 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.30 14:33:55 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.26 08:24:16 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2013.03.26 08:18:22 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux)
DRV - [2013.03.26 08:18:22 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint)
DRV - [2013.02.04 19:48:47 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007.08.07 02:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.06.16 14:50:18 | 000,012,416 | ---- | M] (         ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GT680X.SYS -- (GT680x)
DRV - [2006.01.16 12:45:30 | 000,360,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
DRV - [2004.08.03 23:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004.08.03 23:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004.08.03 23:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004.08.03 23:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004.08.03 23:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004.08.03 23:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004.08.03 23:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004.08.03 23:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004.08.03 23:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004.08.03 23:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2002.05.03 13:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2002.04.04 06:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [1999.10.29 22:35:08 | 000,024,348 | ---- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (EAWDMFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.11 12:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.01 19:00:25 | 000,000,000 | ---D | M]
 
[2010.03.16 19:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.01.08 11:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\awshiozn.default\extensions
[2010.05.24 16:22:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\awshiozn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.11 12:49:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.11 14:23:48 | 000,000,978 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 134.109.132.3	vpngate.hrz.tu-chemnitz.de ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TWCU] C:\Programme\TP-LINK\TWCU\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [fmdvvefl] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ahnatfuo.exe" File not found
O4 - HKCU..\Run: [hxtujdgo] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe ()
O4 - HKCU..\Run: [SD2014] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa\Ri4aa.exe ()
O4 - HKCU..\Run: [wecolbpn] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\dheuxhup.exe" File not found
O4 - HKLM..\RunOnce: [A0] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Programme/proeWildfire%202.0/i486_nt/obj/pvx_install.exe (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74EC16FF-C326-486E-BFAE-D40FAB257DBD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {210C90F8-F6F3-D2A3-CD6E-D14C51BD875B} - Outlook Express
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3D74679B-D1BE-3FA4-49D6-4CF0310E3A4C} - Internet Explorer
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A9F0ACF4-5F41-6116-BC77-5E8F5BF1C1DE} - Windows Media Player
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CCE65A1E-4161-B4A1-369D-ED5C267D516B} - Browseranpassungen
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CPQEASYACC - hkey= - key= - C:\Programme\COMPAQ\Easy Access Button Support\STARTEAK.exe (Compaq Computer Corporation)
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: nwiz - hkey= - key= -  File not found
MsConfig - StartUpReg: PROMon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: Smapp - hkey= - key= - C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.04 19:54:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.06.04 19:41:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
[2013.06.04 19:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.06.04 19:39:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003
[2013.05.30 17:32:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\System Doctor 2014
[2013.05.30 17:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 19:54:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.06.04 19:39:40 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.06.04 19:38:48 | 013,169,742 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003.zip
[2013.06.04 19:20:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.04 19:20:12 | 000,452,736 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.06.04 19:20:12 | 000,435,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.06.04 19:20:12 | 000,081,562 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.06.04 19:20:12 | 000,068,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.06.04 19:18:23 | 000,000,962 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014.lnk
[2013.06.04 19:18:23 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url
[2013.06.04 19:16:02 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2013.06.04 19:15:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.04 19:15:47 | 2146,947,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 19:07:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.30 14:39:00 | 000,045,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj
[2013.05.30 14:36:58 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe
[2013.05.30 09:28:04 | 000,000,092 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.out
[2013.05.30 09:27:56 | 000,000,167 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.err
[2013.05.20 13:51:24 | 000,362,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.20 13:45:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.05.11 14:23:48 | 000,000,978 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.04 19:39:40 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.06.04 19:39:17 | 013,169,742 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbar-1.06.0.1003.zip
[2013.06.04 19:15:47 | 2146,947,072 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.30 17:32:35 | 000,000,962 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014.lnk
[2013.05.30 17:32:35 | 000,000,112 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url
[2013.05.30 14:39:00 | 000,045,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj
[2013.05.30 14:36:58 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\nxqatubt.exe
[2013.05.30 09:27:16 | 000,000,167 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.err
[2013.05.30 09:26:57 | 000,000,092 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\std.out
[2013.03.26 19:04:13 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2012.02.15 10:34:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010.05.10 10:50:31 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010.03.02 14:35:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.04 19:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Autodesk
[2010.03.17 09:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2013.03.19 20:42:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PTC
[2013.05.30 17:32:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa
[2010.04.09 19:14:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2010.05.02 11:56:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2013.04.06 14:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.03.17 09:23:09 | 000,000,000 | ---D | M] -- C:\51ebb0d8aeec720a19d9
[2011.11.14 10:51:24 | 000,000,000 | ---D | M] -- C:\a5e841df23b07e470d2b08d4f945
[2010.02.26 17:13:41 | 000,000,000 | ---D | M] -- C:\Compaq
[2013.05.20 13:49:40 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.02.26 17:15:46 | 000,000,000 | ---D | M] -- C:\CPQAPPS
[2011.01.10 12:42:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.02.27 01:09:00 | 000,000,000 | ---D | M] -- C:\i386
[2010.04.11 13:33:49 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013.03.26 18:57:59 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2013.04.06 14:22:44 | 000,000,000 | R--D | M] -- C:\Programme
[2010.03.02 14:13:26 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2013.03.28 11:35:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.02.26 17:22:13 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2010.03.16 19:33:03 | 000,000,000 | ---D | M] -- C:\temp
[2013.06.04 19:06:31 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2002.08.29 03:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2002.11.02 18:42:10 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012.12.28 15:45:58 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001.08.17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 16:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\i386\sp1.cab:atapi.sys
[2002.08.29 10:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010.04.11 13:48:05 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 01:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.17 22:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2002.11.03 02:17:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2002.11.03 02:17:50 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2002.11.03 02:17:50 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2013.06.04 19:58:56 | 005,505,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat
[2013.06.04 19:59:01 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG
[2013.06.04 19:15:07 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.02.26 17:15:56 | 000,001,689 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\OCA_LOG.TXT
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.04.12 16:00:54 | 001,876,480 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
and EXTRAS.txt
Code:
OTL Extras logfile created on: 04.06.2013 19:56:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 78,93% Memory free
4,85 Gb Paging File | 4,48 Gb Available in Paging File | 92,33% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 6,65 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
 
Computer Name: MHT11 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1087:TCP" = 1087:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc10_tmp.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc10_tmp.exe:*:Enabled:ptc10_tmp
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc31_tmp.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ptc31_tmp.exe:*:Enabled:ptc31_tmp
"C:\Programme\PTC\ProE2001\i486_nt\nms\nmsd.exe" = C:\Programme\PTC\ProE2001\i486_nt\nms\nmsd.exe:*:Enabled:nmsd
"C:\Programme\PTC\ProE2001\i486_nt\obj\xtop.exe" = C:\Programme\PTC\ProE2001\i486_nt\obj\xtop.exe:*:Enabled:xtop
"C:\Programme\PTC\ProE2001\i486_nt\obj\pro_comm_msg.exe" = C:\Programme\PTC\ProE2001\i486_nt\obj\pro_comm_msg.exe:*:Enabled:pro_comm_msg
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{27F8D5CE-421C-4324-8402-4D551A364F5F}" = BearPaw 2400CU Plus web V1.2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Wireless Client Utility Installation Program
"{350612EB-55FE-47DC-8E07-197B2409909B}" = Cisco AnyConnect Secure Mobility Client
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{5783F2D7-0201-0407-0002-0060B0CE6BBA}" = AutoCAD 2004
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{93539D60-1817-11D1-9504-00805F26A89C}" = Easy Access Button Unterstützung
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FACF203E-0F4D-489A-B80C-D185253C8FCB}" = Autodesk Design Review 2008
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"Autodesk Express Viewer" = Autodesk Express Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"CdaC13Ba" = SafeCast Shared Components
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"ie8" = Windows Internet Explorer 8
"InstallShield_{27F8D5CE-421C-4324-8402-4D551A364F5F}" = BearPaw 2400CU Plus web V1.2
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"Pro/ENGINEER Release Wildfire 2.0 Datecode M280" = Pro/ENGINEER Release Wildfire 2.0 Datecode M280
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"Software Setup" = Software Setup
"VLC media player" = VLC media player 0.9.4
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"System Doctor 2014" = System Doctor 2014
 
========== Last 20 Event Log Errors ==========
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 31.05.2013 10:14:10 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 404 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31588341
 (0xFE1E000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 04.06.2013 13:15:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182
Invoked
 Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description:
 WINDOWS_ERROR_CODE 
 
Error - 04.06.2013 13:15:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
 603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED 
 
Error - 04.06.2013 13:16:05 | Computer Name = MHT11 | Source = acvpnui | ID = 67108866
Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142
Invoked
 Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>.
 
Error - 04.06.2013 13:16:07 | Computer Name = MHT11 | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 332
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 04.06.2013 13:16:08 | Computer Name = MHT11 | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1351 NULL object. Cannot establish a connection at this time.
 
Error - 04.06.2013 13:17:09 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 04.06.2013 13:20:55 | Computer Name = MHT11 | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
[ System Events ]
Error - 04.06.2013 13:07:13 | Computer Name = MHT11 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "Umgebung
 für die AFD-Netzwerkunterstützung" abhängig, der aufgrund folgenden Fehlers nicht
 gestartet wurde:   %%31
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Cisco AnyConnect Secure Mobility Agent" ist vom Dienst
 "TCP/IP-Protokolltreiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 04.06.2013 13:08:13 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  avkmgr  Fips  i8042prt  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  SCDEmu  ssmdrv
Tcpip
 
Error - 04.06.2013 13:15:05 | Computer Name = MHT11 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 04.06.2013 13:17:28 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 04.06.2013 13:17:28 | Computer Name = MHT11 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
< End of report >
         

Alt 04.06.2013, 19:27   #4
markusg
/// Malware-holic
 



Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O4 - HKCU..\Run: [SD2014] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa\Ri4aa.exe ()
O4 - HKCU..\Run: [wecolbpn] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\dheuxhup.exe" File not found
[2013.05.30 17:32:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\System Doctor 2014
[2013.05.30 17:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa
[2013.06.04 19:18:23 | 000,000,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url
[2013.05.30 14:39:00 | 000,045,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a reboot. Please allow this.
  • After the reboot you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


Start in normal mode.

If you have no icons, then right-click, View, Show desktop icons

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!


Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload went through without problems. Thanks in advance
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 04.06.2013, 19:28   #5
astalavista
 



Sorry for the double post :/


Alt 04.06.2013, 19:29   #6
markusg
/// Malware-holic
 



No problem, see my last post

Alt 04.06.2013, 19:34   #7
astalavista
 



So... here is the content of xxxxxxxx.txt

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SD2014 deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa\Ri4aa.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wecolbpn deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\System Doctor 2014 folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ri4aa folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Desktop\System Doctor 2014 support.url moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\xvnsfelj moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 1907098835 bytes
->Temporary Internet Files folder emptied: 14681556 bytes
->FireFox cache emptied: 245135952 bytes
->Flash cache emptied: 6292 bytes
 
User: All Users
 
User: d6b91b40cd21778a2604dd912a823c
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36373376 bytes
RecycleBin emptied: 1738508 bytes
 
Total Files Cleaned = 2.103,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06042013_202900

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2c0.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 05.06.2013, 00:30   #8
markusg
/// Malware-holic
 



Upload is missing.

Alt 05.06.2013, 08:55   #9
astalavista
 



Hello,

Sorry, I overlooked the upload part yesterday. The zip folder has now been uploaded... even though I don't know right now where to :/

Alt 05.06.2013, 11:17   #10
markusg
/// Malware-holic
 



ok.
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 05.06.2013, 18:50   #11
astalavista
 



Hello MarkusG,

Unfortunately I won't get around to installing the requested program today. (The computer belongs to my parents and I won't be there again until Friday)
I would be glad if you continued to support me.
But for now anyway: A THOUSAND THANKS

Alt 05.06.2013, 18:53   #12
markusg
/// Malware-holic
 



That's ok, tomorrow I'm only online sporadically, and then not again until Saturday

Alt 07.06.2013, 16:32   #13
astalavista
 



Hello, I have now run TDSSKiller and there was a hit. I skipped it with Skip...

Here is the content of the log file:
Code:
17:28:54.0937 3952  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:28:55.0156 3952  ============================================================
17:28:55.0156 3952  Current date / time: 2013/06/07 17:28:55.0156
17:28:55.0156 3952  SystemInfo:
17:28:55.0156 3952  
17:28:55.0156 3952  OS Version: 5.1.2600 ServicePack: 3.0
17:28:55.0156 3952  Product type: Workstation
17:28:55.0156 3952  ComputerName: MHT11
17:28:55.0156 3952  UserName: Administrator
17:28:55.0156 3952  Windows directory: C:\WINDOWS
17:28:55.0156 3952  System windows directory: C:\WINDOWS
17:28:55.0156 3952  Processor architecture: Intel x86
17:28:55.0156 3952  Number of processors: 1
17:28:55.0156 3952  Page size: 0x1000
17:28:55.0156 3952  Boot type: Normal boot
17:28:55.0156 3952  ============================================================
17:28:57.0078 3952  Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
17:28:57.0093 3952  ============================================================
17:28:57.0093 3952  \Device\Harddisk0\DR0:
17:28:57.0093 3952  MBR partitions:
17:28:57.0093 3952  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
17:28:57.0093 3952  ============================================================
17:28:57.0109 3952  C: <-> \Device\Harddisk0\DR0\Partition1
17:28:57.0125 3952  ============================================================
17:28:57.0125 3952  Initialize success
17:28:57.0125 3952  ============================================================
17:29:04.0859 3556  ============================================================
17:29:04.0859 3556  Scan started
17:29:04.0859 3556  Mode: Manual; 
17:29:04.0859 3556  ============================================================
17:29:05.0218 3556  ================ Scan system memory ========================
17:29:05.0218 3556  System memory - ok
17:29:05.0234 3556  ================ Scan services =============================
17:29:05.0390 3556  Abiosdsk - ok
17:29:05.0406 3556  abp480n5 - ok
17:29:05.0468 3556  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
17:29:05.0484 3556  ac97intc - ok
17:29:05.0531 3556  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
17:29:05.0531 3556  ACPI - ok
17:29:05.0562 3556  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
17:29:05.0562 3556  ACPIEC - ok
17:29:05.0609 3556  [ A9F02264C4A52CC667E7B8799514C877 ] ACS             C:\WINDOWS\system32\acs.exe
17:29:05.0625 3556  ACS - ok
17:29:05.0671 3556  [ D2523D28674B03976AFC1AB6EF712F27 ] acsint          C:\WINDOWS\system32\DRIVERS\acsint.sys
17:29:05.0671 3556  acsint - ok
17:29:05.0703 3556  [ 9A7D29DAE24A01DCD33D8F563559B3AB ] acsmux          C:\WINDOWS\system32\DRIVERS\acsmux.sys
17:29:05.0718 3556  acsmux - ok
17:29:05.0828 3556  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:29:05.0859 3556  AdobeFlashPlayerUpdateSvc - ok
17:29:05.0906 3556  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\System32\DRIVERS\adpu160m.sys
17:29:05.0921 3556  adpu160m - ok
17:29:05.0953 3556  [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320         C:\WINDOWS\System32\DRIVERS\adpu320.sys
17:29:05.0968 3556  adpu320 - ok
17:29:06.0000 3556  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
17:29:06.0031 3556  aec - ok
17:29:06.0062 3556  [ 2C5C22990156A1063E19AD162191DC1D ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:29:06.0078 3556  AegisP - ok
17:29:06.0125 3556  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
17:29:06.0156 3556  AFD - ok
17:29:06.0203 3556  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
17:29:06.0218 3556  agp440 - ok
17:29:06.0234 3556  Aha154x - ok
17:29:06.0281 3556  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\System32\DRIVERS\aic78u2.sys
17:29:06.0281 3556  aic78u2 - ok
17:29:06.0312 3556  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\System32\DRIVERS\aic78xx.sys
17:29:06.0328 3556  aic78xx - ok
17:29:06.0593 3556  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll
17:29:06.0593 3556  Suspicious file (Hidden): c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
17:29:06.0640 3556  Akamai ( HiddenFile.Multi.Generic ) - warning
17:29:06.0640 3556  Akamai - detected HiddenFile.Multi.Generic (1)
17:29:06.0671 3556  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
17:29:06.0687 3556  Alerter - ok
17:29:06.0718 3556  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
17:29:06.0718 3556  ALG - ok
17:29:06.0734 3556  AliIde - ok
17:29:06.0750 3556  amsint - ok
17:29:06.0843 3556  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
17:29:06.0875 3556  AntiVirSchedulerService - ok
17:29:06.0921 3556  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:29:06.0937 3556  AntiVirService - ok
17:29:06.0984 3556  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
17:29:07.0000 3556  AppMgmt - ok
17:29:07.0046 3556  [ 5AF581BB431FB7A952216AD01795EF4E ] AR5523          C:\WINDOWS\system32\DRIVERS\ar5523.sys
17:29:07.0046 3556  AR5523 - ok
17:29:07.0062 3556  asc - ok
17:29:07.0078 3556  asc3350p - ok
17:29:07.0093 3556  asc3550 - ok
17:29:07.0187 3556  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:29:07.0250 3556  aspnet_state - ok
17:29:07.0296 3556  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:29:07.0312 3556  AsyncMac - ok
17:29:07.0328 3556  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
17:29:07.0343 3556  atapi - ok
17:29:07.0359 3556  Atdisk - ok
17:29:07.0406 3556  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:29:07.0421 3556  Atmarpc - ok
17:29:07.0453 3556  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
17:29:07.0468 3556  AudioSrv - ok
17:29:07.0515 3556  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
17:29:07.0515 3556  audstub - ok
17:29:07.0593 3556  [ EA2D28BBE98256654397CD1F6EAEBDD8 ] Autodesk Licensing Service C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
17:29:07.0609 3556  Autodesk Licensing Service - ok
17:29:07.0656 3556  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:29:07.0671 3556  avgntflt - ok
17:29:07.0718 3556  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:29:07.0734 3556  avipbb - ok
17:29:07.0765 3556  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:29:07.0765 3556  avkmgr - ok
17:29:07.0812 3556  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
17:29:07.0812 3556  Beep - ok
17:29:07.0875 3556  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
17:29:07.0906 3556  BITS - ok
17:29:07.0953 3556  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
17:29:07.0968 3556  Browser - ok
17:29:08.0015 3556  [ 9BDBDA21D3BA8E374FD06A405BE10215 ] C-DillaCdaC11BA C:\WINDOWS\system32\drivers\CDAC11BA.EXE
17:29:08.0031 3556  C-DillaCdaC11BA - ok
17:29:08.0062 3556  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
17:29:08.0062 3556  cbidf2k - ok
17:29:08.0093 3556  cd20xrnt - ok
17:29:08.0140 3556  [ F76CB7259AA575CC53F3996BC6B68C18 ] CdaC15BA        C:\WINDOWS\system32\drivers\CDAC15BA.SYS
17:29:08.0140 3556  CdaC15BA - ok
17:29:08.0203 3556  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
17:29:08.0218 3556  Cdaudio - ok
17:29:08.0250 3556  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
17:29:08.0265 3556  Cdfs - ok
17:29:08.0296 3556  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:29:08.0312 3556  Cdrom - ok
17:29:08.0328 3556  Changer - ok
17:29:08.0375 3556  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
17:29:08.0390 3556  CiSvc - ok
17:29:08.0421 3556  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
17:29:08.0453 3556  ClipSrv - ok
17:29:08.0515 3556  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:29:08.0750 3556  clr_optimization_v2.0.50727_32 - ok
17:29:08.0765 3556  CmdIde - ok
17:29:08.0812 3556  COMSysApp - ok
17:29:08.0843 3556  Cpqarray - ok
17:29:08.0890 3556  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
17:29:08.0906 3556  CryptSvc - ok
17:29:08.0937 3556  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\WINDOWS\system32\DRIVERS\CVirtA.sys
17:29:08.0953 3556  CVirtA - ok
17:29:09.0046 3556  [ D4A26B0926171DC4F969955D157D1311 ] CVPND           C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
17:29:09.0125 3556  CVPND - ok
17:29:09.0187 3556  [ C23025AC5AE45A105D63BD6E2408EDD4 ] CVPNDRVA        C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
17:29:09.0218 3556  CVPNDRVA - ok
17:29:09.0234 3556  dac2w2k - ok
17:29:09.0250 3556  dac960nt - ok
17:29:09.0296 3556  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
17:29:09.0312 3556  DcomLaunch - ok
17:29:09.0343 3556  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
17:29:09.0359 3556  Dhcp - ok
17:29:09.0406 3556  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
17:29:09.0406 3556  Disk - ok
17:29:09.0421 3556  dmadmin - ok
17:29:09.0484 3556  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
17:29:09.0546 3556  dmboot - ok
17:29:09.0578 3556  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
17:29:09.0593 3556  dmio - ok
17:29:09.0656 3556  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
17:29:09.0671 3556  dmload - ok
17:29:09.0703 3556  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
17:29:09.0718 3556  dmserver - ok
17:29:09.0765 3556  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
17:29:09.0781 3556  DMusic - ok
17:29:09.0828 3556  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE             C:\WINDOWS\system32\DRIVERS\dne2000.sys
17:29:09.0828 3556  DNE - ok
17:29:09.0890 3556  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
17:29:09.0906 3556  Dnscache - ok
17:29:09.0953 3556  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
17:29:09.0968 3556  Dot3svc - ok
17:29:10.0000 3556  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\System32\DRIVERS\dpti2o.sys
17:29:10.0031 3556  dpti2o - ok
17:29:10.0046 3556  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
17:29:10.0062 3556  drmkaud - ok
17:29:10.0140 3556  [ FE9CB643A034285031502D3369E5A869 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:29:10.0140 3556  E100B - ok
17:29:10.0203 3556  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
17:29:10.0234 3556  EapHost - ok
17:29:10.0343 3556  [ 53CE0799C9384CAC99942FF032285F21 ] eaps2kbd        C:\WINDOWS\system32\DRIVERS\eaps2kbd.sys
17:29:10.0359 3556  eaps2kbd - ok
17:29:10.0390 3556  [ E54E3A335B3A03AD0252E50BB92A633C ] EAWDMFD         C:\WINDOWS\system32\drivers\EAWDMFD.sys
17:29:10.0406 3556  EAWDMFD - ok
17:29:10.0468 3556  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
17:29:10.0484 3556  ERSvc - ok
17:29:10.0531 3556  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
17:29:10.0546 3556  Eventlog - ok
17:29:10.0640 3556  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\System32\es.dll
17:29:10.0671 3556  EventSystem - ok
17:29:10.0718 3556  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
17:29:10.0734 3556  Fastfat - ok
17:29:10.0781 3556  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:29:10.0796 3556  FastUserSwitchingCompatibility - ok
17:29:10.0828 3556  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
17:29:10.0843 3556  Fdc - ok
17:29:10.0859 3556  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
17:29:10.0875 3556  Fips - ok
17:29:10.0906 3556  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:29:10.0921 3556  Flpydisk - ok
17:29:10.0968 3556  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
17:29:10.0984 3556  FltMgr - ok
17:29:11.0062 3556  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:29:11.0078 3556  FontCache3.0.0.0 - ok
17:29:11.0125 3556  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:29:11.0125 3556  Fs_Rec - ok
17:29:11.0156 3556  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:29:11.0171 3556  Ftdisk - ok
17:29:11.0218 3556  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:29:11.0234 3556  Gpc - ok
17:29:11.0281 3556  [ 236199389AFDE897F24C7E51AC89C010 ] GT680x          C:\WINDOWS\system32\Drivers\gt680x.sys
17:29:11.0281 3556  GT680x - ok
17:29:11.0390 3556  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:29:11.0406 3556  helpsvc - ok
17:29:11.0437 3556  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
17:29:11.0453 3556  HidServ - ok
17:29:11.0500 3556  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:29:11.0500 3556  HidUsb - ok
17:29:11.0546 3556  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
17:29:11.0562 3556  hkmsvc - ok
17:29:11.0578 3556  hpn - ok
17:29:11.0625 3556  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
17:29:11.0640 3556  HTTP - ok
17:29:11.0687 3556  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
17:29:11.0703 3556  HTTPFilter - ok
17:29:11.0718 3556  i2omgmt - ok
17:29:11.0734 3556  i2omp - ok
17:29:11.0765 3556  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:29:11.0765 3556  i8042prt - ok
17:29:11.0812 3556  [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x            C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
17:29:11.0828 3556  i81x - ok
17:29:11.0859 3556  [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0         C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
17:29:11.0875 3556  iAimFP0 - ok
17:29:11.0906 3556  [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1         C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
17:29:11.0906 3556  iAimFP1 - ok
17:29:11.0921 3556  [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2         C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
17:29:11.0937 3556  iAimFP2 - ok
17:29:11.0968 3556  [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3         C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
17:29:11.0984 3556  iAimFP3 - ok
17:29:12.0000 3556  [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4         C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
17:29:12.0000 3556  iAimFP4 - ok
17:29:12.0046 3556  [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0         C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
17:29:12.0062 3556  iAimTV0 - ok
17:29:12.0078 3556  [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1         C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
17:29:12.0109 3556  iAimTV1 - ok
17:29:12.0125 3556  iAimTV2 - ok
17:29:12.0171 3556  [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3         C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
17:29:12.0171 3556  iAimTV3 - ok
17:29:12.0218 3556  [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4         C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
17:29:12.0218 3556  iAimTV4 - ok
17:29:12.0296 3556  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:29:12.0406 3556  idsvc - ok
17:29:12.0453 3556  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
17:29:12.0468 3556  Imapi - ok
17:29:12.0515 3556  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\System32\imapi.exe
17:29:12.0515 3556  ImapiService - ok
17:29:12.0546 3556  ini910u - ok
17:29:12.0578 3556  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\drivers\intelide.sys
17:29:12.0578 3556  IntelIde - ok
17:29:12.0625 3556  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:29:12.0625 3556  intelppm - ok
17:29:12.0671 3556  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
17:29:12.0671 3556  ip6fw - ok
17:29:12.0718 3556  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:29:12.0734 3556  IpFilterDriver - ok
17:29:12.0765 3556  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:29:12.0765 3556  IpInIp - ok
17:29:12.0781 3556  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:29:12.0796 3556  IpNat - ok
17:29:12.0828 3556  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:29:12.0843 3556  IPSec - ok
17:29:12.0875 3556  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
17:29:12.0890 3556  IRENUM - ok
17:29:12.0937 3556  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
17:29:12.0937 3556  isapnp - ok
17:29:12.0968 3556  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:29:12.0968 3556  Kbdclass - ok
17:29:13.0031 3556  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:29:13.0031 3556  kbdhid - ok
17:29:13.0062 3556  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
17:29:13.0093 3556  kmixer - ok
17:29:13.0125 3556  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
17:29:13.0156 3556  KSecDD - ok
17:29:13.0203 3556  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
17:29:13.0218 3556  lanmanserver - ok
17:29:13.0265 3556  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:29:13.0281 3556  lanmanworkstation - ok
17:29:13.0312 3556  lbrtfdc - ok
17:29:13.0359 3556  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
17:29:13.0375 3556  LmHosts - ok
17:29:13.0437 3556  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
17:29:13.0453 3556  MDM - ok
17:29:13.0484 3556  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
17:29:13.0500 3556  Messenger - ok
17:29:13.0531 3556  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
17:29:13.0546 3556  mnmdd - ok
17:29:13.0578 3556  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
17:29:13.0593 3556  mnmsrvc - ok
17:29:13.0625 3556  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
17:29:13.0640 3556  Modem - ok
17:29:13.0671 3556  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:29:13.0671 3556  Mouclass - ok
17:29:13.0718 3556  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:29:13.0734 3556  mouhid - ok
17:29:13.0765 3556  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
17:29:13.0765 3556  MountMgr - ok
17:29:13.0781 3556  mraid35x - ok
17:29:13.0812 3556  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:29:13.0843 3556  MRxDAV - ok
17:29:13.0906 3556  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:29:13.0937 3556  MRxSmb - ok
17:29:13.0984 3556  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
17:29:14.0000 3556  MSDTC - ok
17:29:14.0031 3556  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:29:14.0031 3556  Msfs - ok
17:29:14.0046 3556  MSIServer - ok
17:29:14.0093 3556  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:29:14.0109 3556  MSKSSRV - ok
17:29:14.0140 3556  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:29:14.0140 3556  MSPCLOCK - ok
17:29:14.0171 3556  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:29:14.0171 3556  MSPQM - ok
17:29:14.0203 3556  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:29:14.0203 3556  mssmbios - ok
17:29:14.0250 3556  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:29:14.0265 3556  Mup - ok
17:29:14.0328 3556  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
17:29:14.0359 3556  napagent - ok
17:29:14.0406 3556  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:29:14.0437 3556  NDIS - ok
17:29:14.0468 3556  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:29:14.0484 3556  NdisTapi - ok
17:29:14.0500 3556  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:29:14.0515 3556  Ndisuio - ok
17:29:14.0546 3556  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:29:14.0546 3556  NdisWan - ok
17:29:14.0578 3556  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:29:14.0593 3556  NDProxy - ok
17:29:14.0625 3556  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:29:14.0640 3556  NetBIOS - ok
17:29:14.0687 3556  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:29:14.0703 3556  NetBT - ok
17:29:14.0750 3556  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:29:14.0781 3556  NetDDE - ok
17:29:14.0796 3556  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:29:14.0796 3556  NetDDEdsdm - ok
17:29:14.0843 3556  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\System32\lsass.exe
17:29:14.0843 3556  Netlogon - ok
17:29:14.0875 3556  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
17:29:14.0906 3556  Netman - ok
17:29:14.0937 3556  [ 562E15CE8A98282F241E03829657E344 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:29:14.0968 3556  NetTcpPortSharing - ok
17:29:15.0000 3556  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
17:29:15.0000 3556  Nla - ok
17:29:15.0046 3556  [ 419F4D80FE7E34E2626C84B3C6035955 ] NMSCFG          C:\WINDOWS\system32\drivers\NMSCFG.SYS
17:29:15.0062 3556  NMSCFG - ok
17:29:15.0109 3556  [ EEEA4A259891D43FEC7C25E45973740D ] NMSSvc          C:\WINDOWS\System32\NMSSvc.exe
17:29:15.0171 3556  NMSSvc - ok
17:29:15.0218 3556  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:29:15.0218 3556  Npfs - ok
17:29:15.0281 3556  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:29:15.0609 3556  Ntfs - ok
17:29:15.0640 3556  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
17:29:15.0656 3556  NtLmSsp - ok
17:29:16.0125 3556  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:29:16.0234 3556  NtmsSvc - ok
17:29:16.0296 3556  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:29:16.0343 3556  Null - ok
17:29:16.0562 3556  [ C82F94077E2497E6685DA208E2F75B43 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:29:17.0937 3556  nv - ok
17:29:18.0015 3556  [ 948C21C77FAD271CC6F851FC46029DD4 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
17:29:18.0046 3556  NVSvc - ok
17:29:18.0078 3556  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:29:18.0140 3556  NwlnkFlt - ok
17:29:18.0171 3556  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:29:18.0234 3556  NwlnkFwd - ok
17:29:18.0312 3556  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:29:18.0390 3556  ose - ok
17:29:18.0437 3556  [ A7AF0C0860F1C43FC6581BA8A99EABEF ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
17:29:18.0531 3556  P3 - ok
17:29:18.0578 3556  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
17:29:18.0578 3556  Parport - ok
17:29:18.0625 3556  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:29:18.0640 3556  PartMgr - ok
17:29:18.0687 3556  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:29:18.0734 3556  ParVdm - ok
17:29:18.0765 3556  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\drivers\pci.sys
17:29:18.0781 3556  PCI - ok
17:29:18.0796 3556  PCIDump - ok
17:29:18.0828 3556  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\System32\DRIVERS\pciide.sys
17:29:18.0843 3556  PCIIde - ok
17:29:18.0890 3556  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
17:29:18.0906 3556  Pcmcia - ok
17:29:18.0921 3556  PDCOMP - ok
17:29:18.0953 3556  PDFRAME - ok
17:29:18.0968 3556  PDRELI - ok
17:29:18.0984 3556  PDRFRAME - ok
17:29:19.0015 3556  perc2 - ok
17:29:19.0062 3556  perc2hib - ok
17:29:19.0140 3556  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
17:29:19.0171 3556  PlugPlay - ok
17:29:19.0187 3556  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
17:29:19.0187 3556  PolicyAgent - ok
17:29:19.0250 3556  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:29:19.0312 3556  PptpMiniport - ok
17:29:19.0328 3556  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\drivers\processr.sys
17:29:19.0390 3556  Processor - ok
17:29:19.0406 3556  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:29:19.0406 3556  ProtectedStorage - ok
17:29:19.0437 3556  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:29:19.0453 3556  PSched - ok
17:29:19.0562 3556  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:29:19.0562 3556  Ptilink - ok
17:29:19.0578 3556  ql1080 - ok
17:29:19.0593 3556  Ql10wnt - ok
17:29:19.0609 3556  ql12160 - ok
17:29:19.0671 3556  ql1240 - ok
17:29:19.0687 3556  ql1280 - ok
17:29:19.0718 3556  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:29:19.0765 3556  RasAcd - ok
17:29:19.0812 3556  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:29:19.0859 3556  RasAuto - ok
17:29:19.0875 3556  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:29:19.0890 3556  Rasl2tp - ok
17:29:19.0937 3556  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:29:19.0953 3556  RasMan - ok
17:29:19.0984 3556  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:29:19.0984 3556  RasPppoe - ok
17:29:20.0062 3556  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:29:20.0078 3556  Raspti - ok
17:29:20.0187 3556  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:29:20.0281 3556  Rdbss - ok
17:29:20.0312 3556  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:29:20.0343 3556  RDPCDD - ok
17:29:20.0406 3556  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:29:20.0546 3556  rdpdr - ok
17:29:20.0656 3556  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:29:20.0796 3556  RDPWD - ok
17:29:20.0906 3556  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:29:21.0062 3556  RDSessMgr - ok
17:29:21.0109 3556  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:29:21.0156 3556  redbook - ok
17:29:21.0250 3556  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:29:21.0281 3556  RemoteAccess - ok
17:29:21.0359 3556  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:29:21.0390 3556  RemoteRegistry - ok
17:29:21.0421 3556  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\System32\locator.exe
17:29:21.0453 3556  RpcLocator - ok
17:29:21.0625 3556  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
17:29:21.0625 3556  RpcSs - ok
17:29:21.0781 3556  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\System32\rsvp.exe
17:29:22.0015 3556  RSVP - ok
17:29:22.0046 3556  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:29:22.0046 3556  SamSs - ok
17:29:22.0093 3556  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:29:22.0171 3556  SCardSvr - ok
17:29:22.0250 3556  [ 612A3D69E603DBBE5C3C1079186A0393 ] SCDEmu          C:\WINDOWS\system32\drivers\SCDEmu.sys
17:29:22.0250 3556  SCDEmu - ok
17:29:22.0359 3556  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:29:22.0500 3556  Schedule - ok
17:29:22.0609 3556  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:29:22.0718 3556  Secdrv - ok
17:29:22.0875 3556  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:29:22.0921 3556  seclogon - ok
17:29:23.0015 3556  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
17:29:23.0015 3556  SENS - ok
17:29:23.0093 3556  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
17:29:23.0125 3556  serenum - ok
17:29:23.0171 3556  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
17:29:23.0234 3556  Serial - ok
17:29:23.0328 3556  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:29:23.0375 3556  Sfloppy - ok
17:29:23.0500 3556  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:29:23.0640 3556  SharedAccess - ok
17:29:23.0828 3556  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:29:23.0828 3556  ShellHWDetection - ok
17:29:23.0843 3556  Simbad - ok
17:29:24.0093 3556  [ 4931615EF9543728E0204973BE27B350 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
17:29:24.0140 3556  smwdm - ok
17:29:24.0250 3556  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
17:29:24.0328 3556  SONYPVU1 - ok
17:29:24.0343 3556  Sparrow - ok
17:29:24.0406 3556  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:29:24.0437 3556  splitter - ok
17:29:24.0562 3556  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:29:24.0578 3556  Spooler - ok
17:29:24.0625 3556  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:29:24.0718 3556  sr - ok
17:29:24.0937 3556  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\System32\srsvc.dll
17:29:25.0062 3556  srservice - ok
17:29:25.0203 3556  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:29:25.0453 3556  Srv - ok
17:29:25.0578 3556  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:29:25.0593 3556  SSDPSRV - ok
17:29:25.0828 3556  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:29:25.0843 3556  ssmdrv - ok
17:29:25.0984 3556  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:29:26.0281 3556  stisvc - ok
17:29:26.0343 3556  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:29:26.0375 3556  swenum - ok
17:29:26.0406 3556  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:29:26.0484 3556  swmidi - ok
17:29:26.0500 3556  SwPrv - ok
17:29:26.0593 3556  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\System32\DRIVERS\symc810.sys
17:29:26.0656 3556  symc810 - ok
17:29:26.0750 3556  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\System32\DRIVERS\symc8xx.sys
17:29:26.0812 3556  symc8xx - ok
17:29:26.0859 3556  [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi          C:\WINDOWS\System32\DRIVERS\symmpi.sys
17:29:26.0921 3556  Symmpi - ok
17:29:26.0984 3556  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\System32\DRIVERS\sym_hi.sys
17:29:27.0078 3556  sym_hi - ok
17:29:27.0125 3556  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\System32\DRIVERS\sym_u3.sys
17:29:27.0187 3556  sym_u3 - ok
17:29:27.0218 3556  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:29:27.0265 3556  sysaudio - ok
17:29:27.0343 3556  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:29:27.0437 3556  SysmonLog - ok
17:29:27.0546 3556  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:29:27.0578 3556  TapiSrv - ok
17:29:27.0750 3556  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:29:28.0359 3556  Tcpip - ok
17:29:28.0421 3556  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:29:28.0437 3556  TDPIPE - ok
17:29:30.0281 3556  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:29:30.0328 3556  TDTCP - ok
17:29:30.0390 3556  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:29:30.0437 3556  TermDD - ok
17:29:30.0515 3556  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
17:29:30.0906 3556  TermService - ok
17:29:30.0968 3556  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:29:30.0968 3556  Themes - ok
17:29:31.0015 3556  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
17:29:31.0062 3556  TlntSvr - ok
17:29:31.0078 3556  TosIde - ok
17:29:31.0140 3556  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:29:31.0234 3556  TrkWks - ok
17:29:31.0281 3556  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:29:31.0296 3556  Udfs - ok
17:29:31.0296 3556  ultra - ok
17:29:31.0390 3556  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:29:31.0500 3556  Update - ok
17:29:31.0546 3556  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:29:31.0609 3556  upnphost - ok
17:29:31.0640 3556  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
17:29:31.0656 3556  UPS - ok
17:29:31.0703 3556  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:29:31.0718 3556  usbccgp - ok
17:29:31.0781 3556  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:29:31.0796 3556  usbehci - ok
17:29:31.0828 3556  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:29:31.0843 3556  usbhub - ok
17:29:31.0859 3556  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:29:31.0875 3556  usbohci - ok
17:29:31.0937 3556  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:29:31.0937 3556  usbprint - ok
17:29:32.0000 3556  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:29:32.0015 3556  usbscan - ok
17:29:32.0046 3556  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:29:32.0062 3556  USBSTOR - ok
17:29:32.0093 3556  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:29:32.0109 3556  usbuhci - ok
17:29:32.0125 3556  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:29:32.0140 3556  VgaSave - ok
17:29:32.0171 3556  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\System32\DRIVERS\viaide.sys
17:29:32.0187 3556  ViaIde - ok
17:29:32.0203 3556  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:29:32.0218 3556  VolSnap - ok
17:29:32.0328 3556  [ 4D8FC912E146DE0115392381C7114588 ] vpnagent        C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
17:29:32.0359 3556  vpnagent - ok
17:29:32.0390 3556  [ EA39F36302DACBCDCDB113313718E768 ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva.sys
17:29:32.0406 3556  vpnva - ok
17:29:32.0484 3556  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
17:29:32.0515 3556  VSS - ok
17:29:32.0562 3556  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\System32\w32time.dll
17:29:32.0578 3556  W32Time - ok
17:29:32.0609 3556  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:29:32.0625 3556  Wanarp - ok
17:29:32.0640 3556  WDICA - ok
17:29:32.0687 3556  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:29:32.0703 3556  wdmaud - ok
17:29:32.0750 3556  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:29:32.0765 3556  WebClient - ok
17:29:32.0859 3556  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:29:32.0875 3556  winmgmt - ok
17:29:32.0937 3556  [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
17:29:32.0953 3556  WmdmPmSN - ok
17:29:33.0000 3556  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
17:29:33.0015 3556  Wmi - ok
17:29:33.0078 3556  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:29:33.0093 3556  WmiApSrv - ok
17:29:33.0125 3556  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:29:33.0140 3556  wscsvc - ok
17:29:33.0171 3556  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:29:33.0171 3556  wuauserv - ok
17:29:33.0250 3556  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:29:33.0312 3556  WZCSVC - ok
17:29:33.0359 3556  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:29:33.0375 3556  xmlprov - ok
17:29:33.0421 3556  ================ Scan global ===============================
17:29:33.0484 3556  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
17:29:33.0546 3556  [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
17:29:33.0593 3556  [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
17:29:33.0609 3556  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
17:29:33.0625 3556  [Global] - ok
17:29:33.0625 3556  ================ Scan MBR ==================================
17:29:33.0656 3556  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:29:33.0812 3556  \Device\Harddisk0\DR0 - ok
17:29:33.0828 3556  ================ Scan VBR ==================================
17:29:33.0828 3556  [ B89140E403890EBD880A4B948F442633 ] \Device\Harddisk0\DR0\Partition1
17:29:33.0828 3556  \Device\Harddisk0\DR0\Partition1 - ok
17:29:33.0843 3556  ============================================================
17:29:33.0843 3556  Scan finished
17:29:33.0843 3556  ============================================================
17:29:33.0859 0392  Detected object count: 1
17:29:33.0859 0392  Actual detected object count: 1
17:30:10.0031 0392  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:30:10.0031 0392  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
         
Best regards,
Astalavista

08.06.2013, 17:03   #14
markusg
/// Malware-holic
 

Please configure TDSSKiller as described in the instructions, run it again, and post the log.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de

09.06.2013, 10:41   #15
astalavista
 

Oh dear... those who can read are clearly at an advantage. Sorry for my hasty post.
I ran the scan again with modified settings. Quite a lot of messages came up after all.
Here is the log file:
Code:
11:38:06.0765 3916  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:38:07.0156 3916  ============================================================
11:38:07.0156 3916  Current date / time: 2013/06/09 11:38:07.0156
11:38:07.0156 3916  SystemInfo:
11:38:07.0156 3916  
11:38:07.0156 3916  OS Version: 5.1.2600 ServicePack: 3.0
11:38:07.0156 3916  Product type: Workstation
11:38:07.0156 3916  ComputerName: MHT11
11:38:07.0156 3916  UserName: Administrator
11:38:07.0156 3916  Windows directory: C:\WINDOWS
11:38:07.0156 3916  System windows directory: C:\WINDOWS
11:38:07.0156 3916  Processor architecture: Intel x86
11:38:07.0171 3916  Number of processors: 1
11:38:07.0171 3916  Page size: 0x1000
11:38:07.0171 3916  Boot type: Normal boot
11:38:07.0171 3916  ============================================================
11:38:09.0171 3916  Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:38:09.0187 3916  ============================================================
11:38:09.0187 3916  \Device\Harddisk0\DR0:
11:38:09.0187 3916  MBR partitions:
11:38:09.0187 3916  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
11:38:09.0187 3916  ============================================================
11:38:09.0187 3916  C: <-> \Device\Harddisk0\DR0\Partition1
11:38:09.0187 3916  ============================================================
11:38:09.0187 3916  Initialize success
11:38:09.0187 3916  ============================================================
11:38:36.0093 3432  ============================================================
11:38:36.0093 3432  Scan started
11:38:36.0093 3432  Mode: Manual; SigCheck; TDLFS; 
11:38:36.0093 3432  ============================================================
11:38:38.0218 3432  ================ Scan system memory ========================
11:38:38.0218 3432  System memory - ok
11:38:38.0218 3432  ================ Scan services =============================
11:38:39.0109 3432  Abiosdsk - ok
11:38:39.0125 3432  abp480n5 - ok
11:38:39.0203 3432  [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc        C:\WINDOWS\system32\drivers\ac97intc.sys
11:38:47.0828 3432  ac97intc - ok
11:38:47.0875 3432  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
11:38:48.0093 3432  ACPI - ok
11:38:48.0125 3432  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
11:38:48.0312 3432  ACPIEC - ok
11:38:48.0359 3432  [ A9F02264C4A52CC667E7B8799514C877 ] ACS             C:\WINDOWS\system32\acs.exe
11:38:48.0390 3432  ACS ( UnsignedFile.Multi.Generic ) - warning
11:38:48.0390 3432  ACS - detected UnsignedFile.Multi.Generic (1)
11:38:48.0453 3432  [ D2523D28674B03976AFC1AB6EF712F27 ] acsint          C:\WINDOWS\system32\DRIVERS\acsint.sys
11:38:48.0546 3432  acsint - ok
11:38:48.0562 3432  [ 9A7D29DAE24A01DCD33D8F563559B3AB ] acsmux          C:\WINDOWS\system32\DRIVERS\acsmux.sys
11:38:48.0593 3432  acsmux - ok
11:38:48.0687 3432  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:38:48.0734 3432  AdobeFlashPlayerUpdateSvc - ok
11:38:48.0750 3432  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\System32\DRIVERS\adpu160m.sys
11:38:48.0968 3432  adpu160m - ok
11:38:48.0984 3432  [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320         C:\WINDOWS\System32\DRIVERS\adpu320.sys
11:38:49.0062 3432  adpu320 ( UnsignedFile.Multi.Generic ) - warning
11:38:49.0062 3432  adpu320 - detected UnsignedFile.Multi.Generic (1)
11:38:49.0125 3432  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:38:49.0437 3432  aec - ok
11:38:49.0468 3432  [ 2C5C22990156A1063E19AD162191DC1D ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:38:49.0500 3432  AegisP ( UnsignedFile.Multi.Generic ) - warning
11:38:49.0500 3432  AegisP - detected UnsignedFile.Multi.Generic (1)
11:38:49.0546 3432  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:38:49.0625 3432  AFD - ok
11:38:49.0656 3432  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
11:38:49.0859 3432  agp440 - ok
11:38:49.0875 3432  Aha154x - ok
11:38:49.0906 3432  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\System32\DRIVERS\aic78u2.sys
11:38:50.0125 3432  aic78u2 - ok
11:38:50.0140 3432  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\System32\DRIVERS\aic78xx.sys
11:38:50.0375 3432  aic78xx - ok
11:38:50.0671 3432  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll
11:38:50.0671 3432  Suspicious file (Hidden): c:\programme\gemeinsame dateien\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
11:38:50.0703 3432  Akamai ( HiddenFile.Multi.Generic ) - warning
11:38:50.0703 3432  Akamai - detected HiddenFile.Multi.Generic (1)
11:38:50.0750 3432  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:38:50.0968 3432  Alerter - ok
11:38:50.0984 3432  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
11:38:51.0171 3432  ALG - ok
11:38:51.0187 3432  AliIde - ok
11:38:51.0203 3432  amsint - ok
11:38:51.0281 3432  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
11:38:51.0343 3432  AntiVirSchedulerService - ok
11:38:51.0375 3432  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:38:51.0421 3432  AntiVirService - ok
11:38:51.0484 3432  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
11:38:51.0828 3432  AppMgmt - ok
11:38:51.0921 3432  [ 5AF581BB431FB7A952216AD01795EF4E ] AR5523          C:\WINDOWS\system32\DRIVERS\ar5523.sys
11:38:52.0125 3432  AR5523 ( UnsignedFile.Multi.Generic ) - warning
11:38:52.0125 3432  AR5523 - detected UnsignedFile.Multi.Generic (1)
11:38:52.0125 3432  asc - ok
11:38:52.0140 3432  asc3350p - ok
11:38:52.0156 3432  asc3550 - ok
11:38:52.0234 3432  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:38:52.0328 3432  aspnet_state - ok
11:38:52.0375 3432  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:38:52.0562 3432  AsyncMac - ok
11:38:52.0609 3432  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
11:38:52.0796 3432  atapi - ok
11:38:52.0796 3432  Atdisk - ok
11:38:52.0828 3432  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:38:53.0031 3432  Atmarpc - ok
11:38:53.0062 3432  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:38:53.0250 3432  AudioSrv - ok
11:38:53.0281 3432  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:38:53.0500 3432  audstub - ok
11:38:53.0562 3432  [ EA2D28BBE98256654397CD1F6EAEBDD8 ] Autodesk Licensing Service C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
11:38:53.0609 3432  Autodesk Licensing Service - ok
11:38:53.0640 3432  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:38:53.0687 3432  avgntflt - ok
11:38:53.0718 3432  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:38:53.0750 3432  avipbb - ok
11:38:53.0796 3432  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:38:53.0828 3432  avkmgr - ok
11:38:53.0859 3432  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:38:54.0078 3432  Beep - ok
11:38:54.0171 3432  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
11:38:54.0531 3432  BITS - ok
11:38:54.0593 3432  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
11:38:54.0718 3432  Browser - ok
11:38:54.0812 3432  [ 9BDBDA21D3BA8E374FD06A405BE10215 ] C-DillaCdaC11BA C:\WINDOWS\system32\drivers\CDAC11BA.EXE
11:38:54.0843 3432  C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - warning
11:38:54.0843 3432  C-DillaCdaC11BA - detected UnsignedFile.Multi.Generic (1)
11:38:54.0890 3432  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
11:38:55.0109 3432  cbidf2k - ok
11:38:55.0109 3432  cd20xrnt - ok
11:38:55.0156 3432  [ F76CB7259AA575CC53F3996BC6B68C18 ] CdaC15BA        C:\WINDOWS\system32\drivers\CDAC15BA.SYS
11:38:55.0171 3432  CdaC15BA ( UnsignedFile.Multi.Generic ) - warning
11:38:55.0171 3432  CdaC15BA - detected UnsignedFile.Multi.Generic (1)
11:38:55.0218 3432  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
11:38:55.0453 3432  Cdaudio - ok
11:38:55.0531 3432  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
11:38:55.0734 3432  Cdfs - ok
11:38:55.0750 3432  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:38:55.0953 3432  Cdrom - ok
11:38:55.0953 3432  Changer - ok
11:38:56.0000 3432  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
11:38:56.0187 3432  CiSvc - ok
11:38:56.0203 3432  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
11:38:56.0390 3432  ClipSrv - ok
11:38:56.0437 3432  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:38:56.0671 3432  clr_optimization_v2.0.50727_32 - ok
11:38:56.0671 3432  CmdIde - ok
11:38:56.0687 3432  COMSysApp - ok
11:38:56.0734 3432  Cpqarray - ok
11:38:56.0781 3432  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
11:38:57.0062 3432  CryptSvc - ok
11:38:57.0093 3432  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\WINDOWS\system32\DRIVERS\CVirtA.sys
11:38:57.0171 3432  CVirtA - ok
11:38:57.0281 3432  [ D4A26B0926171DC4F969955D157D1311 ] CVPND           C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
11:38:57.0468 3432  CVPND - ok
11:38:57.0531 3432  [ C23025AC5AE45A105D63BD6E2408EDD4 ] CVPNDRVA        C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
11:38:57.0593 3432  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
11:38:57.0593 3432  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
11:38:57.0593 3432  dac2w2k - ok
11:38:57.0609 3432  dac960nt - ok
11:38:57.0656 3432  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:38:57.0781 3432  DcomLaunch - ok
11:38:57.0828 3432  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:38:58.0031 3432  Dhcp - ok
11:38:58.0062 3432  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:38:58.0250 3432  Disk - ok
11:38:58.0265 3432  dmadmin - ok
11:38:58.0312 3432  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:38:58.0593 3432  dmboot - ok
11:38:58.0625 3432  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:38:58.0828 3432  dmio - ok
11:38:58.0875 3432  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:38:59.0093 3432  dmload - ok
11:38:59.0140 3432  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:38:59.0406 3432  dmserver - ok
11:38:59.0484 3432  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:38:59.0703 3432  DMusic - ok
11:38:59.0750 3432  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE             C:\WINDOWS\system32\DRIVERS\dne2000.sys
11:38:59.0796 3432  DNE - ok
11:38:59.0843 3432  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:39:00.0046 3432  Dnscache - ok
11:39:00.0093 3432  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:39:00.0312 3432  Dot3svc - ok
11:39:00.0343 3432  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\System32\DRIVERS\dpti2o.sys
11:39:00.0546 3432  dpti2o - ok
11:39:00.0578 3432  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:39:00.0750 3432  drmkaud - ok
11:39:00.0796 3432  [ FE9CB643A034285031502D3369E5A869 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:39:00.0859 3432  E100B - ok
11:39:00.0921 3432  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:39:01.0125 3432  EapHost - ok
11:39:01.0171 3432  [ 53CE0799C9384CAC99942FF032285F21 ] eaps2kbd        C:\WINDOWS\system32\DRIVERS\eaps2kbd.sys
11:39:01.0218 3432  eaps2kbd - ok
11:39:01.0250 3432  [ E54E3A335B3A03AD0252E50BB92A633C ] EAWDMFD         C:\WINDOWS\system32\drivers\EAWDMFD.sys
11:39:01.0281 3432  EAWDMFD - ok
11:39:01.0312 3432  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:39:01.0515 3432  ERSvc - ok
11:39:01.0562 3432  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
11:39:01.0625 3432  Eventlog - ok
11:39:01.0671 3432  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\System32\es.dll
11:39:01.0875 3432  EventSystem - ok
11:39:01.0921 3432  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:39:02.0265 3432  Fastfat - ok
11:39:02.0328 3432  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:39:02.0453 3432  FastUserSwitchingCompatibility - ok
11:39:02.0484 3432  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
11:39:02.0718 3432  Fdc - ok
11:39:02.0734 3432  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:39:03.0062 3432  Fips - ok
11:39:03.0078 3432  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:39:03.0265 3432  Flpydisk - ok
11:39:03.0312 3432  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:39:03.0578 3432  FltMgr - ok
11:39:03.0656 3432  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:39:03.0687 3432  FontCache3.0.0.0 - ok
11:39:03.0734 3432  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:39:03.0937 3432  Fs_Rec - ok
11:39:03.0984 3432  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:39:04.0203 3432  Ftdisk - ok
11:39:04.0250 3432  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:39:04.0453 3432  Gpc - ok
11:39:04.0500 3432  [ 236199389AFDE897F24C7E51AC89C010 ] GT680x          C:\WINDOWS\system32\Drivers\gt680x.sys
11:39:04.0562 3432  GT680x - ok
11:39:04.0671 3432  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:39:04.0890 3432  helpsvc - ok
11:39:04.0953 3432  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:39:05.0171 3432  HidServ - ok
11:39:05.0218 3432  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:39:05.0453 3432  HidUsb - ok
11:39:05.0515 3432  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:39:05.0906 3432  hkmsvc - ok
11:39:05.0906 3432  hpn - ok
11:39:05.0968 3432  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:39:06.0031 3432  HTTP - ok
11:39:06.0062 3432  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:39:06.0281 3432  HTTPFilter - ok
11:39:06.0281 3432  i2omgmt - ok
11:39:06.0296 3432  i2omp - ok
11:39:06.0328 3432  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:39:06.0546 3432  i8042prt - ok
11:39:06.0609 3432  [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x            C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
11:39:06.0906 3432  i81x - ok
11:39:06.0937 3432  [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0         C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
11:39:07.0140 3432  iAimFP0 - ok
11:39:07.0156 3432  [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1         C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
11:39:07.0406 3432  iAimFP1 - ok
11:39:07.0437 3432  [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2         C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
11:39:07.0656 3432  iAimFP2 - ok
11:39:07.0734 3432  [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3         C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
11:39:07.0968 3432  iAimFP3 - ok
11:39:08.0000 3432  [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4         C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
11:39:08.0250 3432  iAimFP4 - ok
11:39:08.0296 3432  [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0         C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
11:39:08.0593 3432  iAimTV0 - ok
11:39:08.0609 3432  [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1         C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
11:39:08.0796 3432  iAimTV1 - ok
11:39:08.0812 3432  iAimTV2 - ok
11:39:08.0843 3432  [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3         C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
11:39:09.0031 3432  iAimTV3 - ok
11:39:09.0062 3432  [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4         C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
11:39:09.0343 3432  iAimTV4 - ok
11:39:09.0468 3432  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:39:09.0656 3432  idsvc - ok
11:39:09.0703 3432  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:39:10.0046 3432  Imapi - ok
11:39:10.0093 3432  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\System32\imapi.exe
11:39:10.0296 3432  ImapiService - ok
11:39:10.0312 3432  ini910u - ok
11:39:10.0328 3432  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\drivers\intelide.sys
11:39:10.0531 3432  IntelIde - ok
11:39:10.0578 3432  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:39:10.0796 3432  intelppm - ok
11:39:10.0843 3432  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:39:11.0125 3432  ip6fw - ok
11:39:11.0156 3432  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:39:11.0406 3432  IpFilterDriver - ok
11:39:11.0437 3432  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:39:11.0609 3432  IpInIp - ok
11:39:11.0625 3432  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:39:11.0812 3432  IpNat - ok
11:39:11.0859 3432  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:39:12.0015 3432  IPSec - ok
11:39:12.0046 3432  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:39:12.0250 3432  IRENUM - ok
11:39:12.0281 3432  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
11:39:12.0453 3432  isapnp - ok
11:39:12.0484 3432  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:39:12.0671 3432  Kbdclass - ok
11:39:12.0718 3432  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:39:12.0921 3432  kbdhid - ok
11:39:12.0937 3432  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:39:13.0156 3432  kmixer - ok
11:39:13.0218 3432  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:39:13.0375 3432  KSecDD - ok
11:39:13.0468 3432  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:39:13.0562 3432  lanmanserver - ok
11:39:13.0609 3432  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:39:13.0703 3432  lanmanworkstation - ok
11:39:13.0718 3432  lbrtfdc - ok
11:39:13.0781 3432  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:39:13.0984 3432  LmHosts - ok
11:39:14.0078 3432  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
11:39:14.0125 3432  MDM - ok
11:39:14.0171 3432  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:39:14.0343 3432  Messenger - ok
11:39:14.0375 3432  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:39:14.0609 3432  mnmdd - ok
11:39:14.0656 3432  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
11:39:14.0828 3432  mnmsrvc - ok
11:39:14.0875 3432  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:39:15.0046 3432  Modem - ok
11:39:15.0062 3432  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:39:15.0250 3432  Mouclass - ok
11:39:15.0296 3432  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:39:15.0515 3432  mouhid - ok
11:39:15.0546 3432  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:39:15.0734 3432  MountMgr - ok
11:39:15.0750 3432  mraid35x - ok
11:39:15.0781 3432  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:39:15.0968 3432  MRxDAV - ok
11:39:16.0015 3432  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:39:16.0140 3432  MRxSmb - ok
11:39:16.0203 3432  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
11:39:16.0421 3432  MSDTC - ok
11:39:16.0468 3432  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:39:16.0812 3432  Msfs - ok
11:39:16.0812 3432  MSIServer - ok
11:39:16.0843 3432  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:39:17.0062 3432  MSKSSRV - ok
11:39:17.0093 3432  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:39:17.0281 3432  MSPCLOCK - ok
11:39:17.0312 3432  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:39:17.0531 3432  MSPQM - ok
11:39:17.0562 3432  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:39:17.0750 3432  mssmbios - ok
11:39:17.0812 3432  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:39:17.0859 3432  Mup - ok
11:39:17.0921 3432  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:39:18.0156 3432  napagent - ok
11:39:18.0203 3432  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:39:18.0406 3432  NDIS - ok
11:39:18.0453 3432  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:39:18.0531 3432  NdisTapi - ok
11:39:18.0546 3432  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:39:18.0750 3432  Ndisuio - ok
11:39:18.0781 3432  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:39:19.0046 3432  NdisWan - ok
11:39:19.0093 3432  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:39:19.0187 3432  NDProxy - ok
11:39:19.0234 3432  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:39:19.0484 3432  NetBIOS - ok
11:39:19.0546 3432  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:39:19.0875 3432  NetBT - ok
11:39:19.0921 3432  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:39:20.0281 3432  NetDDE - ok
11:39:20.0296 3432  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:39:20.0921 3432  NetDDEdsdm - ok
11:39:20.0968 3432  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\System32\lsass.exe
11:39:21.0234 3432  Netlogon - ok
11:39:21.0281 3432  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
11:39:21.0656 3432  Netman - ok
11:39:21.0734 3432  [ 562E15CE8A98282F241E03829657E344 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:39:21.0765 3432  NetTcpPortSharing - ok
11:39:21.0812 3432  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:39:21.0921 3432  Nla - ok
11:39:21.0968 3432  [ 419F4D80FE7E34E2626C84B3C6035955 ] NMSCFG          C:\WINDOWS\system32\drivers\NMSCFG.SYS
11:39:22.0015 3432  NMSCFG ( UnsignedFile.Multi.Generic ) - warning
11:39:22.0015 3432  NMSCFG - detected UnsignedFile.Multi.Generic (1)
11:39:22.0421 3432  [ EEEA4A259891D43FEC7C25E45973740D ] NMSSvc          C:\WINDOWS\System32\NMSSvc.exe
11:39:22.0734 3432  NMSSvc ( UnsignedFile.Multi.Generic ) - warning
11:39:22.0734 3432  NMSSvc - detected UnsignedFile.Multi.Generic (1)
11:39:22.0781 3432  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:39:23.0109 3432  Npfs - ok
11:39:23.0156 3432  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:39:23.0453 3432  Ntfs - ok
11:39:23.0484 3432  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
11:39:23.0656 3432  NtLmSsp - ok
11:39:23.0703 3432  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:39:23.0953 3432  NtmsSvc - ok
11:39:24.0046 3432  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:39:24.0281 3432  Null - ok
11:39:24.0796 3432  [ C82F94077E2497E6685DA208E2F75B43 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:39:25.0453 3432  nv ( UnsignedFile.Multi.Generic ) - warning
11:39:25.0453 3432  nv - detected UnsignedFile.Multi.Generic (1)
11:39:25.0515 3432  [ 948C21C77FAD271CC6F851FC46029DD4 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
11:39:25.0609 3432  NVSvc ( UnsignedFile.Multi.Generic ) - warning
11:39:25.0609 3432  NVSvc - detected UnsignedFile.Multi.Generic (1)
11:39:25.0640 3432  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:39:25.0890 3432  NwlnkFlt - ok
11:39:25.0921 3432  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:39:26.0140 3432  NwlnkFwd - ok
11:39:26.0234 3432  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
11:39:26.0281 3432  ose - ok
11:39:26.0343 3432  [ A7AF0C0860F1C43FC6581BA8A99EABEF ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
11:39:26.0765 3432  P3 - ok
11:39:26.0796 3432  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:39:27.0078 3432  Parport - ok
11:39:27.0109 3432  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:39:27.0390 3432  PartMgr - ok
11:39:27.0515 3432  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:39:27.0750 3432  ParVdm - ok
11:39:27.0796 3432  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\drivers\pci.sys
11:39:28.0031 3432  PCI - ok
11:39:28.0046 3432  PCIDump - ok
11:39:28.0093 3432  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\System32\DRIVERS\pciide.sys
11:39:28.0343 3432  PCIIde - ok
11:39:28.0390 3432  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:39:28.0656 3432  Pcmcia - ok
11:39:28.0671 3432  PDCOMP - ok
11:39:28.0687 3432  PDFRAME - ok
11:39:28.0703 3432  PDRELI - ok
11:39:28.0718 3432  PDRFRAME - ok
11:39:28.0734 3432  perc2 - ok
11:39:28.0750 3432  perc2hib - ok
11:39:28.0812 3432  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
11:39:28.0890 3432  PlugPlay - ok
11:39:28.0906 3432  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
11:39:29.0093 3432  PolicyAgent - ok
11:39:29.0125 3432  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:39:29.0390 3432  PptpMiniport - ok
11:39:29.0437 3432  [ 2CB55427C58679F49AD600FCCBA76360 ] Processor       C:\WINDOWS\system32\drivers\processr.sys
11:39:29.0703 3432  Processor - ok
11:39:29.0750 3432  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:39:29.0953 3432  ProtectedStorage - ok
11:39:29.0984 3432  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:39:30.0312 3432  PSched - ok
11:39:30.0375 3432  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:39:30.0703 3432  Ptilink - ok
11:39:30.0718 3432  ql1080 - ok
11:39:30.0734 3432  Ql10wnt - ok
11:39:30.0734 3432  ql12160 - ok
11:39:30.0750 3432  ql1240 - ok
11:39:30.0765 3432  ql1280 - ok
11:39:30.0812 3432  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:39:31.0828 3432  RasAcd - ok
11:39:31.0937 3432  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:39:32.0484 3432  RasAuto - ok
11:39:32.0515 3432  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:39:32.0765 3432  Rasl2tp - ok
11:39:32.0921 3432  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:39:33.0234 3432  RasMan - ok
11:39:33.0265 3432  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:39:33.0515 3432  RasPppoe - ok
11:39:33.0609 3432  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:39:33.0937 3432  Raspti - ok
11:39:34.0015 3432  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:39:34.0265 3432  Rdbss - ok
11:39:34.0312 3432  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:39:34.0562 3432  RDPCDD - ok
11:39:34.0625 3432  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:39:34.0843 3432  rdpdr - ok
11:39:34.0890 3432  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:39:34.0953 3432  RDPWD - ok
11:39:35.0000 3432  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:39:35.0234 3432  RDSessMgr - ok
11:39:35.0265 3432  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:39:35.0468 3432  redbook - ok
11:39:35.0531 3432  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:39:35.0765 3432  RemoteAccess - ok
11:39:35.0796 3432  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:39:36.0000 3432  RemoteRegistry - ok
11:39:36.0031 3432  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\System32\locator.exe
11:39:36.0218 3432  RpcLocator - ok
11:39:36.0250 3432  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:39:36.0578 3432  RpcSs - ok
11:39:36.0609 3432  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\System32\rsvp.exe
11:39:36.0828 3432  RSVP - ok
11:39:36.0859 3432  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:39:37.0109 3432  SamSs - ok
11:39:37.0140 3432  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:39:37.0390 3432  SCardSvr - ok
11:39:37.0453 3432  [ 612A3D69E603DBBE5C3C1079186A0393 ] SCDEmu          C:\WINDOWS\system32\drivers\SCDEmu.sys
11:39:37.0468 3432  SCDEmu ( UnsignedFile.Multi.Generic ) - warning
11:39:37.0468 3432  SCDEmu - detected UnsignedFile.Multi.Generic (1)
11:39:37.0531 3432  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:39:37.0734 3432  Schedule - ok
11:39:37.0781 3432  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:39:37.0953 3432  Secdrv - ok
11:39:38.0000 3432  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:39:38.0171 3432  seclogon - ok
11:39:38.0203 3432  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
11:39:38.0375 3432  SENS - ok
11:39:38.0453 3432  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:39:38.0656 3432  serenum - ok
11:39:38.0687 3432  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:39:39.0296 3432  Serial - ok
11:39:39.0343 3432  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:39:39.0578 3432  Sfloppy - ok
11:39:39.0656 3432  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:39:39.0968 3432  SharedAccess - ok
11:39:40.0000 3432  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:39:40.0062 3432  ShellHWDetection - ok
11:39:40.0062 3432  Simbad - ok
11:39:40.0203 3432  [ 4931615EF9543728E0204973BE27B350 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
11:39:40.0328 3432  smwdm - ok
11:39:40.0390 3432  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
11:39:40.0640 3432  SONYPVU1 - ok
11:39:40.0656 3432  Sparrow - ok
11:39:40.0687 3432  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:39:40.0875 3432  splitter - ok
11:39:40.0906 3432  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:39:40.0968 3432  Spooler - ok
11:39:40.0984 3432  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:39:41.0171 3432  sr - ok
11:39:41.0218 3432  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\System32\srsvc.dll
11:39:41.0437 3432  srservice - ok
11:39:41.0484 3432  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:39:41.0562 3432  Srv - ok
11:39:41.0609 3432  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:39:41.0796 3432  SSDPSRV - ok
11:39:41.0843 3432  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:39:41.0875 3432  ssmdrv - ok
11:39:41.0921 3432  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:39:42.0187 3432  stisvc - ok
11:39:42.0296 3432  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:39:42.0578 3432  swenum - ok
11:39:42.0687 3432  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:39:42.0968 3432  swmidi - ok
11:39:42.0984 3432  SwPrv - ok
11:39:43.0062 3432  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\System32\DRIVERS\symc810.sys
11:39:43.0390 3432  symc810 - ok
11:39:43.0453 3432  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\System32\DRIVERS\symc8xx.sys
11:39:43.0765 3432  symc8xx - ok
11:39:43.0781 3432  [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi          C:\WINDOWS\System32\DRIVERS\symmpi.sys
11:39:43.0890 3432  Symmpi ( UnsignedFile.Multi.Generic ) - warning
11:39:43.0890 3432  Symmpi - detected UnsignedFile.Multi.Generic (1)
11:39:43.0953 3432  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\System32\DRIVERS\sym_hi.sys
11:39:44.0203 3432  sym_hi - ok
11:39:44.0265 3432  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\System32\DRIVERS\sym_u3.sys
11:39:44.0531 3432  sym_u3 - ok
11:39:44.0562 3432  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:39:45.0109 3432  sysaudio - ok
11:39:45.0187 3432  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:39:45.0515 3432  SysmonLog - ok
11:39:45.0578 3432  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:39:45.0828 3432  TapiSrv - ok
11:39:45.0875 3432  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:39:45.0984 3432  Tcpip - ok
11:39:46.0031 3432  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:39:46.0218 3432  TDPIPE - ok
11:39:46.0250 3432  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:39:46.0453 3432  TDTCP - ok
11:39:46.0500 3432  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:39:46.0718 3432  TermDD - ok
11:39:46.0812 3432  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
11:39:47.0093 3432  TermService - ok
11:39:47.0125 3432  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:39:47.0171 3432  Themes - ok
11:39:47.0203 3432  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
11:39:47.0546 3432  TlntSvr - ok
11:39:47.0578 3432  TosIde - ok
11:39:47.0781 3432  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:39:48.0187 3432  TrkWks - ok
11:39:48.0218 3432  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:39:48.0531 3432  Udfs - ok
11:39:48.0546 3432  ultra - ok
11:39:48.0765 3432  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:39:49.0484 3432  Update - ok
11:39:49.0671 3432  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:39:50.0437 3432  upnphost - ok
11:39:50.0703 3432  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
11:39:50.0984 3432  UPS - ok
11:39:51.0109 3432  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:39:51.0875 3432  usbccgp - ok
11:39:52.0062 3432  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:39:52.0953 3432  usbehci - ok
11:39:53.0937 3432  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:39:54.0531 3432  usbhub - ok
11:39:54.0671 3432  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:39:54.0984 3432  usbohci - ok
11:39:55.0125 3432  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:39:55.0500 3432  usbprint - ok
11:39:55.0593 3432  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:39:55.0921 3432  usbscan - ok
11:39:56.0000 3432  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:39:56.0281 3432  USBSTOR - ok
11:39:56.0390 3432  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:39:56.0765 3432  usbuhci - ok
11:39:56.0812 3432  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:39:57.0156 3432  VgaSave - ok
11:39:57.0234 3432  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\System32\DRIVERS\viaide.sys
11:39:57.0531 3432  ViaIde - ok
11:39:57.0593 3432  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:39:57.0921 3432  VolSnap - ok
11:39:59.0171 3432  [ 4D8FC912E146DE0115392381C7114588 ] vpnagent        C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
11:39:59.0468 3432  vpnagent - ok
11:39:59.0562 3432  [ EA39F36302DACBCDCDB113313718E768 ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva.sys
11:39:59.0843 3432  vpnva - ok
11:40:00.0031 3432  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
11:40:00.0500 3432  VSS - ok
11:40:00.0578 3432  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\System32\w32time.dll
11:40:01.0156 3432  W32Time - ok
11:40:03.0265 3432  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:40:04.0500 3432  Wanarp - ok
11:40:04.0578 3432  WDICA - ok
11:40:04.0734 3432  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:40:05.0609 3432  wdmaud - ok
11:40:05.0656 3432  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:40:05.0843 3432  WebClient - ok
11:40:05.0921 3432  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:40:06.0109 3432  winmgmt - ok
11:40:06.0156 3432  [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
11:40:06.0343 3432  WmdmPmSN - ok
11:40:06.0375 3432  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
11:40:06.0531 3432  Wmi - ok
11:40:06.0593 3432  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
11:40:06.0781 3432  WmiApSrv - ok
11:40:06.0828 3432  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:40:07.0015 3432  wscsvc - ok
11:40:07.0062 3432  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:40:07.0234 3432  wuauserv - ok
11:40:07.0281 3432  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:40:07.0531 3432  WZCSVC - ok
11:40:07.0593 3432  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:40:07.0812 3432  xmlprov - ok
11:40:07.0843 3432  ================ Scan global ===============================
11:40:07.0890 3432  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
11:40:07.0953 3432  [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
11:40:07.0984 3432  [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
11:40:08.0015 3432  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
11:40:08.0015 3432  [Global] - ok
11:40:08.0031 3432  ================ Scan MBR ==================================
11:40:08.0046 3432  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:40:08.0312 3432  \Device\Harddisk0\DR0 - ok
11:40:08.0328 3432  ================ Scan VBR ==================================
11:40:08.0359 3432  [ B89140E403890EBD880A4B948F442633 ] \Device\Harddisk0\DR0\Partition1
11:40:08.0359 3432  \Device\Harddisk0\DR0\Partition1 - ok
11:40:08.0359 3432  ============================================================
11:40:08.0359 3432  Scan finished
11:40:08.0359 3432  ============================================================
11:40:08.0500 1116  Detected object count: 14
11:40:08.0500 1116  Actual detected object count: 14
11:40:24.0453 1116  ACS ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0453 1116  ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0453 1116  adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0453 1116  adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0453 1116  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0453 1116  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0453 1116  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:40:24.0453 1116  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
11:40:24.0468 1116  AR5523 ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0468 1116  AR5523 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0468 1116  C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0468 1116  C-DillaCdaC11BA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0468 1116  CdaC15BA ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0468 1116  CdaC15BA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0468 1116  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0468 1116  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0484 1116  NMSCFG ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116  NMSCFG ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0484 1116  NMSSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116  NMSSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0484 1116  nv ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116  nv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0484 1116  NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116  NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0484 1116  SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116  SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:24.0484 1116  Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
11:40:24.0484 1116  Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:40:27.0015 3584  Deinitialize success
         
