
Pests of all kinds and how to combat them: "BKA EXPLOIT" EXP/CVE-2011-3544.AM' Desktop no longer accessible.


04.01.2012, 23:23   #1
menthol
Hello,

apparently I have caught this "BKA virus" too. When the system starts, my Antivir virus scanner appears to be deactivated; its icon is no longer visible in the tray. As soon as the computer has finished loading, IE appears with a payment demand of 100 EUR, so apparently the usual pattern. Ctrl Alt Del does work, but unfortunately the button for the Task Manager is locked. In the end the system no longer works at all; instead of the desktop you only see the same page with the payment demand.
I can therefore no longer run any tools under this account.
Maybe one of you has an idea how I can at least work with the computer again (offline if need be) in order to back up data.

Using a 2nd user account I was able to run scans with Antivir; the following was found:

Antivir LOG
Die Datei 'C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53\2578cd35-19ff19e1'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2011-3544.AM' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f3b9a67.qua' verschoben!

Defogger > Disable: no error message

Ran OTL with the following data:
activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s %systemroot%\system32\*.manifest /3 /md5start explorer.exe regedit.exe winlogon.exe wininit.exe userinit.exe ipsec.sys afd.sys /md5stop HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs CREATERESTOREPOINT

Perhaps the computer can still be rescued far enough that some data can be backed up.

Here is the OTL log file I created:
HTML-Code:
OTL logfile created on: 04.01.2012 22:23:41 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\maxmustermann\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,59% Memory free
2,60 Gb Paging File | 2,14 Gb Available in Paging File | 82,14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 19,19 Gb Free Space | 51,51% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: maxmustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011.10.16 14:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\maxmustermann\Desktop\OTL.exe
PRC - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe
PRC - [2011.01.13 11:01:30 | 001,838,904 | ---- | M] (Orbitdownloader.com) -- C:\Programme\Orbitdownloader\orbitdm.exe
PRC - [2011.01.11 13:26:32 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Programme\Orbitdownloader\orbitnet.exe
PRC - [2010.10.29 14:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.06.01 16:28:20 | 000,499,796 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2010.06.01 16:28:06 | 000,561,263 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
PRC - [2010.02.23 14:26:25 | 000,050,477 | ---- | M] () -- C:\downloads\Defogger(1).exe
PRC - [2009.09.03 06:44:12 | 000,495,693 | ---- | M] (Simon Brown, HB9DRV) -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDSerialPortSvr.exe
PRC - [2009.09.03 06:31:56 | 000,196,608 | ---- | M] (Simon Brown, HB9DRV) -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDRemoteSvr.exe
PRC - [2009.07.15 15:51:36 | 000,942,080 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\AWUS036H Wireless LAN Utility\RtWLan.exe
PRC - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.06.12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2007.11.26 15:10:08 | 000,020,992 | ---- | M] (E-MU Systems) -- C:\WINDOWS\system32\emaudsv.exe
PRC - [2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.08.04 00:58:22 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows NT\Zubehör\wordpad.exe
PRC - [2004.02.24 16:35:06 | 002,372,760 | ---- | M] (Sygate Technologies, Inc.) -- C:\Programme\Sygate\SPF\Smc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011.03.21 22:10:36 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe
MOD - [2011.01.13 10:59:54 | 000,397,312 | ---- | M] () -- C:\Programme\Orbitdownloader\wtlctrl.dll
MOD - [2010.06.01 16:28:14 | 000,278,528 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\twculoc.dll
MOD - [2010.06.01 16:28:14 | 000,163,840 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll
MOD - [2010.06.01 16:28:10 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\wgapiloc.dll
MOD - [2010.06.01 16:28:06 | 000,561,263 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
MOD - [2010.06.01 16:28:06 | 000,422,000 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll
MOD - [2010.02.23 14:26:25 | 000,050,477 | ---- | M] () -- C:\downloads\Defogger(1).exe
MOD - [2009.04.03 16:32:10 | 000,110,592 | ---- | M] () -- C:\Programme\AWUS036H Wireless LAN Utility\EnumDevLib.dll
MOD - [2008.01.22 18:28:02 | 000,339,968 | ---- | M] () -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sqlite3.dll
MOD - [2007.07.12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Programme\AWUS036H Wireless LAN Utility\acAuth.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Programme\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2010.06.01 16:28:20 | 000,499,796 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2009.09.03 06:44:12 | 000,495,693 | ---- | M] (Simon Brown, HB9DRV) [Auto | Running] -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDSerialPortSvr.exe -- (HRD SerialPortSvr)
SRV - [2009.09.03 06:31:56 | 000,196,608 | ---- | M] (Simon Brown, HB9DRV) [Auto | Running] -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDRemoteSvr.exe -- (HRD RemoteSvr)
SRV - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007.11.26 15:10:08 | 000,020,992 | ---- | M] (E-MU Systems) [Auto | Running] -- C:\WINDOWS\system32\emaudsv.exe -- (emaudsv)
SRV - [2004.02.24 16:35:06 | 002,372,760 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Programme\Sygate\SPF\Smc.exe -- (SmcService)
SRV - [2003.08.01 18:28:24 | 000,474,624 | ---- | M] (Constantin Kaplinsky) [Auto | Stopped] -- C:\Programme\TightVNC\WinVNC.exe -- (winvnc)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2012.01.04 21:35:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.10.07 16:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2011.08.28 17:32:46 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.02.18 07:20:08 | 000,046,304 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\busenum.sys -- (busenum)
DRV - [2010.12.02 07:53:44 | 000,035,008 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010.11.02 21:51:49 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.11.02 21:30:47 | 000,045,400 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2010.11.02 21:30:47 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)
DRV - [2010.11.02 21:30:46 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.06.01 16:28:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2010.06.01 16:28:08 | 000,598,528 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arusb.sys -- (arusb(TP-LINK)) Wireless Network Adapter Service(TP-LINK)
DRV - [2010.03.18 11:06:20 | 000,121,224 | ---- | M] (ABILIS Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AbilisBdaTuner.sys -- (AbilisT)
DRV - [2009.10.08 13:41:46 | 000,063,488 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2009.10.08 13:41:46 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.06.26 08:21:34 | 000,323,328 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2009.06.10 14:33:19 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009.06.10 14:33:19 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007.11.26 14:14:54 | 000,163,352 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emusba10.sys -- (emusba10)
DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005.03.30 11:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004.02.02 10:53:28 | 000,018,518 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004.02.02 10:51:04 | 000,055,891 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004.02.02 10:37:32 | 000,011,914 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2000.09.19 11:16:56 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DLPORTIO.SYS -- (DLPortIO)
DRV - [2000.07.24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)
DRV - [2000.02.08 10:30:24 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1801674531-725345543-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1801674531-725345543-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.04.17 03:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.04.17 03:36:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.12 13:01:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.12 13:01:16 | 000,000,000 | ---D | M]
 
[2011.04.28 19:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\maxmustermann\Anwendungsdaten\Mozilla\Extensions
[2011.04.07 16:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.17 17:49:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.02.17 19:28:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.07.31 07:09:57 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.23 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1801674531-725345543-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DesktopTwister] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\_PA297\DSKTWIST.EXE File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TWCU] C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinVNC] C:\Programme\TightVNC\WinVNC.exe (Constantin Kaplinsky)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1801674531-725345543-682003330-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AWUS036H Wireless LAN Utility.lnk = C:\Programme\AWUS036H Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64289A02-7B55-4DFB-8743-96B753339B8C}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEAF9C74-006E-4375-A432-493CF9A384AC}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.01.27 18:57:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.01.04 21:33:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.01.04 21:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\maxmustermann\Anwendungsdaten\Malwarebytes
[2012.01.04 21:32:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.04 21:32:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.04 21:32:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.04 21:32:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.04 21:29:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\maxmustermann\Desktop\OTL.exe
[2012.01.04 20:31:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\maxmustermann\Recent
[2011.12.15 14:52:28 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoinstaller01007.dll
[2011.12.15 14:52:28 | 000,063,488 | ---- | C] (Silicon Laboratories) -- C:\WINDOWS\System32\drivers\silabser.sys
[2011.12.15 14:52:28 | 000,017,920 | ---- | C] (Silicon Laboratories, Inc.) -- C:\WINDOWS\System32\drivers\silabenm.sys
[2011.12.15 14:52:28 | 000,000,000 | ---D | C] -- C:\Programme\Silabs
[2011.12.15 14:52:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Silabs
[2011.12.15 14:52:01 | 000,000,000 | ---D | C] -- C:\SiLabs
[2011.12.11 16:51:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DupDetector
[2011.12.11 16:51:19 | 000,000,000 | ---D | C] -- C:\Programme\Prismatic Software
[2011.12.11 16:38:00 | 000,000,000 | ---D | C] -- C:\Programme\AntiTwin
[2011.12.11 12:50:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2011.12.11 12:45:29 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011.12.11 12:45:18 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011.12.07 14:41:32 | 000,000,000 | ---D | C] -- C:\Programme\PonyProg2000
[2011.12.07 14:41:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PonyProg
[2011.12.07 14:03:07 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\SER9PL.sys
[2011.12.07 13:44:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MCS Electronics
[2011.12.07 13:43:52 | 000,014,544 | ---- | C] (EnTech Taiwan) -- C:\WINDOWS\System32\drivers\TVicPort.sys
[2011.12.07 13:43:46 | 000,000,000 | ---D | C] -- C:\Programme\MCS Electronics
[2003.11.26 23:43:44 | 000,049,152 | ---- | C] (CodeMercs) -- C:\Programme\IOWKIT.DLL
[2003.01.13 15:32:18 | 000,057,344 | ---- | C] (FTDI Ltd) -- C:\Programme\UIO88.DLL
[1999.08.18 05:00:00 | 000,025,600 | ---- | C] (Inprise Corporation) -- C:\Programme\BORLNDMM.DLL
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.01.04 22:21:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\maxmustermann\defogger_reenable
[2012.01.04 22:13:43 | 000,294,216 | ---- | M] () -- C:\Dokumente und Einstellungen\maxmustermann\Desktop\gmer.zip
[2012.01.04 21:35:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.01.04 21:32:52 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.04 20:57:44 | 000,458,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.04 20:57:44 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.04 20:57:44 | 000,084,318 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.04 20:57:44 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.04 20:56:41 | 000,001,526 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk
[2012.01.04 20:53:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.04 20:53:11 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.04 19:16:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.15 14:52:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_silabser_01007.Wdf
[2011.12.11 16:38:02 | 000,000,656 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Anti-Twin.lnk
[2011.12.11 13:13:41 | 000,002,342 | ---- | M] () -- C:\WINDOWS\ST6UNST.001
[2011.12.11 13:13:27 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2011.12.11 13:13:26 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.01.04 22:21:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\maxmustermann\defogger_reenable
[2012.01.04 22:13:42 | 000,294,216 | ---- | C] () -- C:\Dokumente und Einstellungen\maxmustermann\Desktop\gmer.zip
[2012.01.04 21:32:52 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.15 14:52:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_silabser_01007.Wdf
[2011.12.11 16:38:04 | 000,000,662 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Anti-Twin.lnk
[2011.12.11 16:38:02 | 000,000,656 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Anti-Twin.lnk
[2011.12.11 13:13:25 | 000,002,342 | ---- | C] () -- C:\WINDOWS\ST6UNST.001
[2011.12.07 14:03:07 | 000,026,719 | ---- | C] () -- C:\WINDOWS\System32\SERSPL.VXD
[2011.10.10 16:10:27 | 000,076,088 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.09.05 19:12:38 | 000,000,409 | ---- | C] () -- C:\WINDOWS\songs.ini
[2011.09.05 19:03:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2011.08.28 17:39:23 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.08.24 15:42:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011.07.11 21:45:07 | 000,340,021 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2011.06.18 16:32:31 | 000,000,234 | ---- | C] () -- C:\WINDOWS\HRDLog001.INI
[2011.05.22 20:34:34 | 000,000,060 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2011.05.22 20:33:03 | 000,000,075 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2011.05.22 20:15:54 | 000,000,093 | ---- | C] () -- C:\WINDOWS\kjkjbas.INI
[2011.05.22 20:15:54 | 000,000,092 | ---- | C] () -- C:\WINDOWS\kjkjERR.INI
[2011.05.19 17:33:51 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.05.19 17:33:51 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2030.DAT
[2011.05.19 17:30:10 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011.05.19 17:30:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2011.05.19 17:30:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011.05.19 17:30:04 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2011.05.19 17:30:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2011.05.19 17:30:03 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2011.05.19 17:30:01 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2011.05.04 19:37:08 | 000,013,312 | ---- | C] () -- C:\Dokumente und Einstellungen\maxmustermann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.25 19:25:30 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011.04.25 19:25:01 | 000,422,000 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2011.04.25 19:25:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\wgapiloc.dll
[2011.04.11 10:42:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
[2011.04.11 09:34:16 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
[2011.03.17 17:50:14 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.08 20:49:16 | 000,002,778 | ---- | C] () -- C:\WINDOWS\DigiPan.INI
[2011.02.24 19:38:52 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2011.02.20 10:47:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.17 19:03:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.02.17 16:44:37 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011.02.17 16:17:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009.01.27 19:10:59 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2009.01.27 19:04:16 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.01.27 19:00:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.01.27 18:53:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.01.27 18:40:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.01.27 18:39:06 | 000,126,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.11.26 15:10:10 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\emcoinst.dll
[2007.08.23 17:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.03.23 03:03:14 | 000,001,049 | ---- | C] () -- C:\WINDOWS\emasio.dat
[2006.12.13 15:03:14 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2006.06.10 05:17:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\emusba10.dat
[2005.01.06 11:08:14 | 003,917,312 | ---- | C] () -- C:\Programme\profilab30.exe
[2005.01.06 11:02:56 | 000,222,981 | ---- | C] () -- C:\Programme\profilab30.chm
[2004.12.22 14:42:32 | 000,157,630 | ---- | C] () -- C:\Programme\all_hardware.htm
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.07.02 07:25:42 | 000,724,480 | ---- | C] () -- C:\Programme\dmm_easy.exe
[2004.03.24 18:15:50 | 000,388,096 | ---- | C] () -- C:\Programme\USB8IO.DLL
[2003.07.01 04:56:36 | 000,345,600 | ---- | C] () -- C:\Programme\K8055D.DLL
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002.08.29 02:54:14 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 13:00:00 | 000,458,476 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.08.23 13:00:00 | 000,440,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.08.23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 13:00:00 | 000,084,318 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.08.23 13:00:00 | 000,071,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.08.23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000.09.19 11:16:56 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\DLPORTIO.SYS
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.10.10 16:08:40 | 000,000,000 | ---D | M] -- C:\8b130456d411efb847b5e50c
[2011.10.24 19:32:26 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.01.27 19:07:19 | 000,000,000 | ---D | M] -- C:\dell
[2011.04.24 18:11:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.01.04 22:20:14 | 000,000,000 | ---D | M] -- C:\downloads
[2009.01.27 19:11:20 | 000,000,000 | ---D | M] -- C:\drvrtmp
[2011.07.29 19:26:40 | 000,000,000 | ---D | M] -- C:\Elektrotechnik
[2011.07.11 23:40:49 | 000,000,000 | ---D | M] -- C:\karten
[2011.08.28 17:36:38 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.04.24 22:05:00 | 000,000,000 | ---D | M] -- C:\OWON
[2011.10.24 16:14:12 | 000,000,000 | ---D | M] -- C:\Patch
[2011.05.05 16:32:28 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.01.04 21:32:44 | 000,000,000 | R--D | M] -- C:\Programme
[2011.05.08 19:44:46 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.02.24 19:38:28 | 000,000,000 | ---D | M] -- C:\scan
[2011.12.15 14:52:01 | 000,000,000 | ---D | M] -- C:\SiLabs
[2011.06.27 15:23:57 | 000,000,000 | ---D | M] -- C:\Spectrum
[2012.01.04 22:12:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.04 21:20:12 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2011.10.23 16:57:01 | 000,000,000 | ---D | M] -- C:\xp
 
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
[2004.07.02 07:25:42 | 000,724,480 | ---- | M] () -- C:\Programme\dmm_easy.exe
[2005.02.22 09:14:04 | 003,917,312 | ---- | M] () -- C:\Programme\profilab30.exe
 
Invalid Environment Variable: LOCALAPPDATA
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.manifest /3 >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
[color=#A23BEC]< MD5 for: AFD.SYS  >[/color]
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2002.08.29 01:01:14 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=51B1872B62D1C335BAC53313913C8D5B -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\system32\dllcache\afd.sys
[2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\system32\drivers\afd.sys
[2004.08.03 23:14:16 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2004.08.03 23:14:16 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2002.08.29 02:43:36 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB884883$\explorer.exe
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2005.04.07 19:46:59 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=64322E8399B205B7281FF883737A9B03 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
 
[color=#A23BEC]< MD5 for: IPSEC.SYS  >[/color]
[2002.08.29 01:07:22 | 000,057,984 | ---- | M] (Microsoft Corporation) MD5=1C4802409CFD4A7051F458B744CFCAA5 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2004.08.03 23:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2004.08.03 23:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\drivers\ipsec.sys
 
[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2004.08.04 00:58:10 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\regedit.exe
[2004.08.04 00:58:10 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2002.08.29 02:43:40 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=FD95FFECC4B1FE72597D7FA6AF8C2870 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2002.08.29 02:43:40 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=FD95FFECC4B1FE72597D7FA6AF8C2870 -- C:\xp\I386\REGEDIT.EXE
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2002.08.29 02:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2002.08.29 02:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >[/color]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2008.09.15 16:37:15 | 001,846,144 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

< End of report >
Admittedly I'm a bit late with backups, but I'll back up the whole disk now.

Alex

05.01.2012, 12:22   #2
cosinus

Please now run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset





Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

06.01.2012, 14:00   #3
menthol

Hello Arne,

many thanks for your reply and help. The first scan with Malwarebytes finished after more than 12 h. 6 objects were found.

Should these all be deleted right away, before I run the ESET scan?

Regards

Alex

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.05.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
alex :: ECHO [Administrator]

05.01.2012 18:41:48
mbam-log-2012-01-06 (13-52-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 279184
Laufzeit: 14 Stunde(n), 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\0.006126106065838188.exe (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8\5b0c0808-1c56b546 (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\Programme\NirSoft\MessenPass\mspass.exe (PUP.PSW.MessenPass) -> Keine Aktion durchgeführt.
C:\Programme\K8055D.DLL (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Programme\USB8IO.DLL (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\0.006126106065838188.exe.lnk (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)
         

06.01.2012, 15:41   #4
cosinus

Quote:
Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do that now if you haven't already!
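
Added example, not part of the original thread and not Malwarebytes' own code: a Python parser for the log format posted in #3 that lists every finding still marked "Keine Aktion durchgeführt." and checks the parsed entries against the counts the log itself declares. The first three sample lines are taken from that log; the fourth line (path, detection name and English action text) is constructed, and all function names and location hints are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Sample input: three of the six findings from the log in post #3, plus one
# constructed line (the last) showing a finding that was already handled.
SAMPLE_LOG = r"""
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\0.006126106065838188.exe (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8\5b0c0808-1c56b546 (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\0.006126106065838188.exe.lnk (Backdoor.Agent) -> Keine Aktion durchgeführt.
C:\Programme (x86)\Example\tool.exe (PUP.Example) -> Quarantined and deleted successfully.

(Ende)
"""

# Action strings that mean the scanner only reported the item (both appear in post #4).
NO_ACTION = ("Keine Aktion durchgeführt.", "No action taken.")

# "<path> (<detection>) -> <action>"; the greedy path keeps "(x86)" inside the path.
FINDING_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Section headers such as "Infizierte Dateien: 6".
COUNT_RE = re.compile(r"^Infizierte [^:]+: (?P<count>\d+)$")

# Assumed hints for paths seen in this thread, most specific first.
LOCATION_HINTS = (
    ("\\autostart\\", "startup folder: started at every logon"),
    ("\\java\\deployment\\cache\\", "Java plug-in cache: downloaded applet content"),
    ("\\temp\\", "temp directory: dropped file"),
)


@dataclass
class Finding:
    path: str
    detection: str
    action: str

    @property
    def remediated(self):
        """True unless the log says the scanner took no action."""
        return self.action not in NO_ACTION


def parse_log(text):
    """Return (sum of declared section counts, list of parsed findings)."""
    declared = 0
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        count = COUNT_RE.match(line)
        if count:
            declared += int(count["count"])
            continue
        hit = FINDING_RE.match(line)
        if hit:
            findings.append(Finding(hit["path"], hit["name"], hit["action"]))
    return declared, findings


def location_hint(path):
    """Explain why a path deserves attention, or return '' if no hint applies."""
    lowered = path.lower()
    for needle, hint in LOCATION_HINTS:
        if needle in lowered:
            return hint
    return ""


def triage(text):
    """Summarise a pasted log: completeness and findings that still need removal."""
    declared, findings = parse_log(text)
    return {
        "declared": declared,
        "parsed": len(findings),
        # False means the paste was truncated or a line did not parse.
        "complete": declared == len(findings),
        "pending": [f for f in findings if not f.remediated],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"declared={report['declared']} parsed={report['parsed']} "
          f"complete={report['complete']}")
    for f in report["pending"]:
        print(f"STILL PRESENT  {f.detection:<20} {f.path}")
        hint = location_hint(f.path)
        if hint:
            print(f"               {hint}")
```
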

06.01.2012, 17:12   #5
menthol

Evening Arne,

the findings were deleted. Afterwards I ran the ESET scanner; nothing more was found here.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0e33ed73f509874aa7375caf7ecd6c8d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-06 04:09:12
# local_time=2012-01-06 05:09:12 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777175 100 0 23738857 23738857 0 0
# compatibility_mode=8192 67108863 100 0 4782 4782 0 0
# scanned=50785
# found=0
# cleaned=0
# scan_time=10114
         


06.01.2012, 19:05   #6
cosinus

Please create a new OTL log. Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here

06.01.2012, 20:17   #7
menthol

I ran the OTL scan with the custom parameters. Here is the log of the file. Many thanks so far for the effort and the good support, Arne!


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.01.2012 19:17:14 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\alex\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,44% Memory free
1,85 Gb Paging File | 1,23 Gb Available in Paging File | 66,23% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,26 Gb Total Space | 19,71 Gb Free Space | 52,89% Space Free | Partition Type: NTFS
 
Computer Name: ECHO | User Name: alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.11 11:35:08 | 000,949,104 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
PRC - [2011.10.16 14:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\alex\Desktop\OTL.exe
PRC - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe
PRC - [2010.10.29 14:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.06.01 16:28:20 | 000,499,796 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2010.06.01 16:28:06 | 000,561,263 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
PRC - [2009.09.03 06:44:12 | 000,495,693 | ---- | M] (Simon Brown, HB9DRV) -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDSerialPortSvr.exe
PRC - [2009.09.03 06:31:56 | 000,196,608 | ---- | M] (Simon Brown, HB9DRV) -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDRemoteSvr.exe
PRC - [2009.07.15 15:51:36 | 000,942,080 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\AWUS036H Wireless LAN Utility\RtWLan.exe
PRC - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.06.12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2007.11.26 15:10:08 | 000,020,992 | ---- | M] (E-MU Systems) -- C:\WINDOWS\system32\emaudsv.exe
PRC - [2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.11 11:35:13 | 000,275,968 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2011.12.11 11:35:13 | 000,078,336 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2011.12.11 11:35:13 | 000,064,000 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2011.12.11 11:35:13 | 000,046,592 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2011.12.11 11:35:12 | 000,783,360 | ---- | M] () -- C:\Programme\Opera\gstreamer\gstreamer.dll
MOD - [2011.12.11 11:35:12 | 000,316,928 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2011.12.11 11:35:12 | 000,168,448 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2011.12.11 11:35:12 | 000,099,840 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2011.12.11 11:35:12 | 000,098,816 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2011.12.11 11:35:12 | 000,098,816 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2011.12.11 11:35:12 | 000,076,800 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2011.12.11 11:35:12 | 000,068,608 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2011.12.11 11:35:12 | 000,045,568 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2011.04.28 20:01:35 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.21 22:10:36 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe
MOD - [2010.06.01 16:28:14 | 000,278,528 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\twculoc.dll
MOD - [2010.06.01 16:28:14 | 000,163,840 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll
MOD - [2010.06.01 16:28:10 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\wgapiloc.dll
MOD - [2010.06.01 16:28:06 | 000,561,263 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
MOD - [2010.06.01 16:28:06 | 000,422,000 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll
MOD - [2009.04.03 16:32:10 | 000,110,592 | ---- | M] () -- C:\Programme\AWUS036H Wireless LAN Utility\EnumDevLib.dll
MOD - [2008.01.22 18:28:02 | 000,339,968 | ---- | M] () -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sqlite3.dll
MOD - [2007.07.12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Programme\AWUS036H Wireless LAN Utility\acAuth.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Programme\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2010.06.01 16:28:20 | 000,499,796 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2009.09.03 06:44:12 | 000,495,693 | ---- | M] (Simon Brown, HB9DRV) [Auto | Running] -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDSerialPortSvr.exe -- (HRD SerialPortSvr)
SRV - [2009.09.03 06:31:56 | 000,196,608 | ---- | M] (Simon Brown, HB9DRV) [Auto | Running] -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDRemoteSvr.exe -- (HRD RemoteSvr)
SRV - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007.11.26 15:10:08 | 000,020,992 | ---- | M] (E-MU Systems) [Auto | Running] -- C:\WINDOWS\system32\emaudsv.exe -- (emaudsv)
SRV - [2004.02.24 16:35:06 | 002,372,760 | ---- | M] (Sygate Technologies, Inc.) [Auto | Stopped] -- C:\Programme\Sygate\SPF\Smc.exe -- (SmcService)
SRV - [2003.08.01 18:28:24 | 000,474,624 | ---- | M] (Constantin Kaplinsky) [Auto | Stopped] -- C:\Programme\TightVNC\WinVNC.exe -- (winvnc)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.07 16:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2011.08.28 17:32:46 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.02.18 07:20:08 | 000,046,304 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\busenum.sys -- (busenum)
DRV - [2010.12.02 07:53:44 | 000,035,008 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010.11.02 21:51:49 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.11.02 21:30:47 | 000,045,400 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2010.11.02 21:30:47 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)
DRV - [2010.11.02 21:30:46 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.06.01 16:28:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2010.06.01 16:28:08 | 000,598,528 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arusb.sys -- (arusb(TP-LINK)) Wireless Network Adapter Service(TP-LINK)
DRV - [2010.03.18 11:06:20 | 000,121,224 | ---- | M] (ABILIS Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AbilisBdaTuner.sys -- (AbilisT)
DRV - [2009.10.08 13:41:46 | 000,063,488 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2009.10.08 13:41:46 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.06.26 08:21:34 | 000,323,328 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2009.06.10 14:33:19 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009.06.10 14:33:19 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007.11.26 14:14:54 | 000,163,352 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emusba10.sys -- (emusba10)
DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005.03.30 11:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004.02.02 10:53:28 | 000,018,518 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004.02.02 10:51:04 | 000,055,891 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004.02.02 10:37:32 | 000,011,914 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2000.09.19 11:16:56 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DLPORTIO.SYS -- (DLPortIO)
DRV - [2000.07.24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)
DRV - [2000.02.08 10:30:24 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1801674531-725345543-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1801674531-725345543-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.04.17 03:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.04.17 03:36:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.12 13:01:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.12 13:01:16 | 000,000,000 | ---D | M]
 
[2011.04.28 19:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Mozilla\Extensions
[2011.04.07 16:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.17 17:49:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.02.17 19:28:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.07.31 07:09:57 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001.08.23 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1801674531-725345543-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DesktopTwister] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\_PA297\DSKTWIST.EXE File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TWCU] C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinVNC] C:\Programme\TightVNC\WinVNC.exe (Constantin Kaplinsky)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AWUS036H Wireless LAN Utility.lnk = C:\Programme\AWUS036H Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64289A02-7B55-4DFB-8743-96B753339B8C}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEAF9C74-006E-4375-A432-493CF9A384AC}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.01.27 18:57:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.06 17:59:34 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\alex\Recent
[2012.01.06 17:23:20 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\alex\Desktop\tdsskiller.exe
[2012.01.06 14:01:02 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.01.06 14:00:53 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\alex\Eigene Dateien\esetsmartinstaller_enu.exe
[2012.01.05 00:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\alex\Desktop\osam
[2012.01.04 23:02:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\alex\Lokale Einstellungen\Anwendungsdaten\Opera
[2012.01.04 23:02:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Opera
[2012.01.04 21:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Malwarebytes
[2012.01.04 21:32:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.04 21:32:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.04 21:32:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.04 21:32:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.04 21:29:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\alex\Desktop\OTL.exe
[2011.12.15 14:52:28 | 000,063,488 | ---- | C] (Silicon Laboratories) -- C:\WINDOWS\System32\drivers\silabser.sys
[2011.12.15 14:52:28 | 000,017,920 | ---- | C] (Silicon Laboratories, Inc.) -- C:\WINDOWS\System32\drivers\silabenm.sys
[2011.12.15 14:52:28 | 000,000,000 | ---D | C] -- C:\Programme\Silabs
[2011.12.15 14:52:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Silabs
[2011.12.15 14:52:01 | 000,000,000 | ---D | C] -- C:\SiLabs
[2011.12.11 16:51:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DupDetector
[2011.12.11 16:51:19 | 000,000,000 | ---D | C] -- C:\Programme\Prismatic Software
[2011.12.11 16:38:00 | 000,000,000 | ---D | C] -- C:\Programme\AntiTwin
[2011.12.11 12:50:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2011.12.11 12:45:29 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2003.11.26 23:43:44 | 000,049,152 | ---- | C] (CodeMercs) -- C:\Programme\IOWKIT.DLL
[2003.01.13 15:32:18 | 000,057,344 | ---- | C] (FTDI Ltd) -- C:\Programme\UIO88.DLL
[1999.08.18 05:00:00 | 000,025,600 | ---- | C] (Inprise Corporation) -- C:\Programme\BORLNDMM.DLL
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 

[2012.01.06 17:23:22 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\alex\Desktop\tdsskiller.exe
[2012.01.06 14:17:19 | 000,458,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.06 14:17:19 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.06 14:17:19 | 000,084,318 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.06 14:17:19 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.06 14:13:51 | 000,001,526 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk
[2012.01.06 14:12:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.06 14:12:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.06 14:12:45 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.06 14:00:54 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\alex\Eigene Dateien\esetsmartinstaller_enu.exe
[2012.01.04 22:21:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\alex\defogger_reenable
[2012.01.04 22:13:43 | 000,294,216 | ---- | M] () -- C:\Dokumente und Einstellungen\alex\Desktop\gmer.zip
[2012.01.04 21:32:52 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.15 14:52:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_silabser_01007.Wdf
[2011.12.11 16:38:02 | 000,000,656 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Anti-Twin.lnk
[2011.12.11 13:13:41 | 000,002,342 | ---- | M] () -- C:\WINDOWS\ST6UNST.001
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.04 22:21:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\alex\defogger_reenable
[2012.01.04 22:13:42 | 000,294,216 | ---- | C] () -- C:\Dokumente und Einstellungen\alex\Desktop\gmer.zip
[2012.01.04 21:32:52 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.15 14:52:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_silabser_01007.Wdf
[2011.12.11 16:38:04 | 000,000,662 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Anti-Twin.lnk
[2011.12.11 16:38:02 | 000,000,656 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Anti-Twin.lnk
[2011.12.11 13:13:25 | 000,002,342 | ---- | C] () -- C:\WINDOWS\ST6UNST.001
[2011.10.10 16:10:27 | 000,076,088 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.09.05 19:12:38 | 000,000,409 | ---- | C] () -- C:\WINDOWS\songs.ini
[2011.09.05 19:03:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2011.08.28 17:39:23 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.08.24 15:42:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011.07.11 21:45:07 | 000,340,021 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2011.06.18 16:32:31 | 000,000,234 | ---- | C] () -- C:\WINDOWS\HRDLog001.INI
[2011.05.22 20:33:03 | 000,000,075 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2011.05.22 20:15:54 | 000,000,093 | ---- | C] () -- C:\WINDOWS\kjkjbas.INI
[2011.05.22 20:15:54 | 000,000,092 | ---- | C] () -- C:\WINDOWS\kjkjERR.INI
[2011.05.19 17:33:51 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.05.19 17:33:51 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2030.DAT
[2011.05.19 17:30:10 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011.05.19 17:30:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2011.05.19 17:30:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011.05.19 17:30:04 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2011.05.19 17:30:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2011.05.19 17:30:03 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2011.05.19 17:30:01 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2011.05.04 19:37:08 | 000,013,312 | ---- | C] () -- C:\Dokumente und Einstellungen\alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.25 19:25:30 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2011.04.25 19:25:01 | 000,422,000 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2011.04.25 19:25:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\wgapiloc.dll
[2011.04.11 10:42:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll
[2011.04.11 09:34:16 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll
[2011.03.17 17:50:14 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.08 20:49:16 | 000,002,778 | ---- | C] () -- C:\WINDOWS\DigiPan.INI
[2011.02.24 19:38:52 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2011.02.20 10:47:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.02.17 19:03:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.02.17 16:44:37 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011.02.17 16:17:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2009.01.27 19:10:59 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2009.01.27 19:04:16 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.01.27 19:00:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.01.27 18:53:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.01.27 18:40:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.01.27 18:39:06 | 000,126,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.11.26 15:10:10 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\emcoinst.dll
[2007.08.23 17:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.03.23 03:03:14 | 000,001,049 | ---- | C] () -- C:\WINDOWS\emasio.dat
[2006.12.13 15:03:14 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2006.06.10 05:17:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\emusba10.dat
[2005.01.06 11:08:14 | 003,917,312 | ---- | C] () -- C:\Programme\profilab30.exe
[2005.01.06 11:02:56 | 000,222,981 | ---- | C] () -- C:\Programme\profilab30.chm
[2004.12.22 14:42:32 | 000,157,630 | ---- | C] () -- C:\Programme\all_hardware.htm
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.07.02 07:25:42 | 000,724,480 | ---- | C] () -- C:\Programme\dmm_easy.exe
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002.08.29 02:54:14 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 13:00:00 | 000,458,476 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.08.23 13:00:00 | 000,440,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.08.23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 13:00:00 | 000,084,318 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.08.23 13:00:00 | 000,071,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.08.23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000.09.19 11:16:56 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\DLPORTIO.SYS
 
========== LOP Check ==========
 
[2011.04.24 23:03:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Orbit
[2011.04.24 18:11:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ProgSense
[2011.05.22 20:40:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Dev-Cpp
[2011.05.18 03:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Foxit Software
[2011.05.22 20:37:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\GetRightToGo
[2011.05.22 20:46:05 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Microchip
[2012.01.04 23:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Opera
[2012.01.06 14:16:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Orbit
[2011.04.21 00:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\ProgSense
[2011.06.11 05:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Telefónica
[2011.05.24 02:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\TrueCrypt
[2011.07.27 21:33:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\uTorrent
[2011.02.17 18:48:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMUV
[2009.01.27 19:06:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConeXware
[2011.08.28 17:32:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.02.17 19:10:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCTV Systems
[2011.07.22 20:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SeaTTY
[2011.04.24 23:47:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK
[2011.02.23 14:40:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Foxit Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.21 00:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Adobe
[2011.05.21 02:52:02 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Brother
[2011.05.22 20:40:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Dev-Cpp
[2011.05.04 19:38:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\DivX
[2011.05.18 03:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Foxit Software
[2011.05.22 20:37:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\GetRightToGo
[2011.04.21 00:13:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Identities
[2011.04.23 19:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Macromedia
[2012.01.04 21:33:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Malwarebytes
[2011.05.22 20:46:05 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Microchip
[2011.05.19 21:56:43 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Microsoft
[2011.04.28 19:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Mozilla
[2012.01.04 23:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Opera
[2012.01.06 14:16:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Orbit
[2011.04.21 00:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\ProgSense
[2011.04.21 17:02:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Sun
[2011.06.11 05:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Telefónica
[2011.05.24 02:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\TrueCrypt
[2011.07.27 21:33:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\uTorrent
[2011.05.04 23:47:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 02:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002.08.29 02:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\xp\I386\sp1.cab:atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002.08.29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
[2002.08.29 02:43:22 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2002.08.29 02:43:26 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
[2002.08.29 02:43:30 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2002.08.29 02:43:32 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2002.08.29 02:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2002.08.29 02:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.01.27 19:38:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.01.27 19:38:23 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.01.27 19:38:23 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
         
--- --- ---

06.01.2012, 20:21   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O3 - HKU\S-1-5-21-1801674531-725345543-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [DesktopTwister] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\_PA297\DSKTWIST.EXE File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.01.27 18:57:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


06.01.2012, 20:45   #9
menthol

Hello Arne,

I ran the OTL script and closed "all" programs; there was no restart. Here is the new log:

Code:
Error: Unable to interpret <OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.01.2012 19:17:14 - Run 2> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\alex\Desktop> in the current context!
Error: Unable to interpret <Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 7.0.5730.13)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,44% Memory free> in the current context!
Error: Unable to interpret <1,85 Gb Paging File | 1,23 Gb Available in Paging File | 66,23% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s):  [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme> in the current context!
Error: Unable to interpret <Drive C: | 37,26 Gb Total Space | 19,71 Gb Free Space | 52,89% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: ECHO | User Name: alex | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users | Quick Scan> in the current context!
Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - [2011.12.11 11:35:08 | 000,949,104 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe> in the current context!
Error: Unable to interpret <PRC - [2011.10.16 14:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\alex\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <PRC - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe> in the current context!
Error: Unable to interpret <PRC - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe> in the current context!
Error: Unable to interpret <PRC - [2010.10.29 14:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe> in the current context!
Error: Unable to interpret <PRC - [2010.06.01 16:28:20 | 000,499,796 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe> in the current context!
Error: Unable to interpret <PRC - [2010.06.01 16:28:06 | 000,561,263 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe> in the current context!
Error: Unable to interpret <PRC - [2009.09.03 06:44:12 | 000,495,693 | ---- | M] (Simon Brown, HB9DRV) -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDSerialPortSvr.exe> in the current context!
Error: Unable to interpret <PRC - [2009.09.03 06:31:56 | 000,196,608 | ---- | M] (Simon Brown, HB9DRV) -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDRemoteSvr.exe> in the current context!
Error: Unable to interpret <PRC - [2009.07.15 15:51:36 | 000,942,080 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\AWUS036H Wireless LAN Utility\RtWLan.exe> in the current context!
Error: Unable to interpret <PRC - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe> in the current context!
Error: Unable to interpret <PRC - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe> in the current context!
Error: Unable to interpret <PRC - [2008.06.12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe> in the current context!
Error: Unable to interpret <PRC - [2007.11.26 15:10:08 | 000,020,992 | ---- | M] (E-MU Systems) -- C:\WINDOWS\system32\emaudsv.exe> in the current context!
Error: Unable to interpret <PRC - [2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:13 | 000,275,968 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:13 | 000,078,336 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:13 | 000,064,000 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:13 | 000,046,592 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:12 | 000,783,360 | ---- | M] () -- C:\Programme\Opera\gstreamer\gstreamer.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:12 | 000,316,928 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:12 | 000,168,448 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:12 | 000,099,840 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:12 | 000,098,816 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:12 | 000,098,816 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:12 | 000,076,800 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:12 | 000,068,608 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll> in the current context!
Error: Unable to interpret <MOD - [2011.12.11 11:35:12 | 000,045,568 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gsttypefindfunctions.dll> in the current context!
Error: Unable to interpret <MOD - [2011.04.28 20:01:35 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll> in the current context!
Error: Unable to interpret <MOD - [2011.03.21 22:10:36 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll> in the current context!
Error: Unable to interpret <MOD - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe> in the current context!
Error: Unable to interpret <MOD - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe> in the current context!
Error: Unable to interpret <MOD - [2010.06.01 16:28:14 | 000,278,528 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\twculoc.dll> in the current context!
Error: Unable to interpret <MOD - [2010.06.01 16:28:14 | 000,163,840 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\oemresloc.dll> in the current context!
Error: Unable to interpret <MOD - [2010.06.01 16:28:10 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\wgapiloc.dll> in the current context!
Error: Unable to interpret <MOD - [2010.06.01 16:28:06 | 000,561,263 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe> in the current context!
Error: Unable to interpret <MOD - [2010.06.01 16:28:06 | 000,422,000 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll> in the current context!
Error: Unable to interpret <MOD - [2009.04.03 16:32:10 | 000,110,592 | ---- | M] () -- C:\Programme\AWUS036H Wireless LAN Utility\EnumDevLib.dll> in the current context!
Error: Unable to interpret <MOD - [2008.01.22 18:28:02 | 000,339,968 | ---- | M] () -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sqlite3.dll> in the current context!
Error: Unable to interpret <MOD - [2007.07.12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Programme\AWUS036H Wireless LAN Utility\acAuth.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Programme\Synology\Assistant\UsbClientService.exe -- (UsbClientService)> in the current context!
Error: Unable to interpret <SRV - [2010.06.01 16:28:20 | 000,499,796 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)> in the current context!
Error: Unable to interpret <SRV - [2009.09.03 06:44:12 | 000,495,693 | ---- | M] (Simon Brown, HB9DRV) [Auto | Running] -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDSerialPortSvr.exe -- (HRD SerialPortSvr)> in the current context!
Error: Unable to interpret <SRV - [2009.09.03 06:31:56 | 000,196,608 | ---- | M] (Simon Brown, HB9DRV) [Auto | Running] -- C:\Programme\Amateur Radio\Ham Radio Deluxe\HRDRemoteSvr.exe -- (HRD RemoteSvr)> in the current context!
Error: Unable to interpret <SRV - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)> in the current context!
Error: Unable to interpret <SRV - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)> in the current context!
Error: Unable to interpret <SRV - [2007.11.26 15:10:08 | 000,020,992 | ---- | M] (E-MU Systems) [Auto | Running] -- C:\WINDOWS\system32\emaudsv.exe -- (emaudsv)> in the current context!
Error: Unable to interpret <SRV - [2004.02.24 16:35:06 | 002,372,760 | ---- | M] (Sygate Technologies, Inc.) [Auto | Stopped] -- C:\Programme\Sygate\SPF\Smc.exe -- (SmcService)> in the current context!
Error: Unable to interpret <SRV - [2003.08.01 18:28:24 | 000,474,624 | ---- | M] (Constantin Kaplinsky) [Auto | Stopped] -- C:\Programme\TightVNC\WinVNC.exe -- (winvnc)> in the current context!
Error: Unable to interpret <SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV - [2011.10.07 16:21:06 | 000,066,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)> in the current context!
Error: Unable to interpret <DRV - [2011.08.28 17:32:46 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)> in the current context!
Error: Unable to interpret <DRV - [2011.02.18 07:20:08 | 000,046,304 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\busenum.sys -- (busenum)> in the current context!
Error: Unable to interpret <DRV - [2010.12.02 07:53:44 | 000,035,008 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)> in the current context!
Error: Unable to interpret <DRV - [2010.11.02 21:51:49 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)> in the current context!
Error: Unable to interpret <DRV - [2010.11.02 21:30:47 | 000,045,400 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)> in the current context!
Error: Unable to interpret <DRV - [2010.11.02 21:30:47 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)> in the current context!
Error: Unable to interpret <DRV - [2010.11.02 21:30:46 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)> in the current context!
Error: Unable to interpret <DRV - [2010.06.01 16:28:20 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)> in the current context!
Error: Unable to interpret <DRV - [2010.06.01 16:28:08 | 000,598,528 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arusb.sys -- (arusb(TP-LINK)) Wireless Network Adapter Service(TP-LINK)> in the current context!
Error: Unable to interpret <DRV - [2010.03.18 11:06:20 | 000,121,224 | ---- | M] (ABILIS Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AbilisBdaTuner.sys -- (AbilisT)> in the current context!
Error: Unable to interpret <DRV - [2009.10.08 13:41:46 | 000,063,488 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)> in the current context!
Error: Unable to interpret <DRV - [2009.10.08 13:41:46 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)> in the current context!
Error: Unable to interpret <DRV - [2009.06.26 08:21:34 | 000,323,328 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)> in the current context!
Error: Unable to interpret <DRV - [2009.06.10 14:33:19 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)> in the current context!
Error: Unable to interpret <DRV - [2009.06.10 14:33:19 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)> in the current context!
Error: Unable to interpret <DRV - [2007.11.26 14:14:54 | 000,163,352 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emusba10.sys -- (emusba10)> in the current context!
Error: Unable to interpret <DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)> in the current context!
Error: Unable to interpret <DRV - [2005.03.30 11:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TVicPort.sys -- (TVicPort)> in the current context!
Error: Unable to interpret <DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)> in the current context!
Error: Unable to interpret <DRV - [2004.02.02 10:53:28 | 000,018,518 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)> in the current context!
Error: Unable to interpret <DRV - [2004.02.02 10:51:04 | 000,055,891 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)> in the current context!
Error: Unable to interpret <DRV - [2004.02.02 10:37:32 | 000,011,914 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)> in the current context!
Error: Unable to interpret <DRV - [2000.09.19 11:16:56 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DLPORTIO.SYS -- (DLPortIO)> in the current context!
Error: Unable to interpret <DRV - [2000.07.24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)> in the current context!
Error: Unable to interpret <DRV - [2000.02.08 10:30:24 | 000,015,488 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1801674531-725345543-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1801674531-725345543-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.04.17 03:36:51 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.04.17 03:36:52 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.12 13:01:16 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.12 13:01:16 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2011.04.28 19:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Mozilla\Extensions> in the current context!
Error: Unable to interpret <[2011.04.07 16:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2011.03.17 17:49:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}> in the current context!
Error: Unable to interpret <[2011.02.17 19:28:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF> in the current context!
Error: Unable to interpret <[2011.07.31 07:09:57 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll> in the current context!
Error: Unable to interpret <[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context!
Error: Unable to interpret <[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml> in the current context!
Error: Unable to interpret <[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml> in the current context!
Error: Unable to interpret <[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context!
Error: Unable to interpret <[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context!
Error: Unable to interpret <[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2001.08.23 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1       localhost> in the current context!
Error: Unable to interpret <O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)> in the current context!
Error: Unable to interpret <O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context!
Error: Unable to interpret <O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context!
Error: Unable to interpret <O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1801674531-725345543-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [DesktopTwister] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\_PA297\DSKTWIST.EXE File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [TWCU] C:\Programme\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [WinVNC] C:\Programme\TightVNC\WinVNC.exe (Constantin Kaplinsky)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AWUS036H Wireless LAN Utility.lnk = C:\Programme\AWUS036H Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-21-1801674531-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)> in the current context!
Error: Unable to interpret <O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)> in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64289A02-7B55-4DFB-8743-96B753339B8C}: NameServer = 192.168.2.1> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEAF9C74-006E-4375-A432-493CF9A384AC}: NameServer = 192.168.2.1> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home> in the current context!
Error: Unable to interpret <O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp> in the current context!
Error: Unable to interpret <O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 0> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2009.01.27 18:57:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <NetSvcs: 6to4 -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: Ias -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: Iprip -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: Irmon -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: NWCWorkstation -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: Nwsapagent -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: WmdmPmSp -  File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SafeBootMin: Base - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: Boot Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: Boot file system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: File system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: PCI Configuration - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: PNP Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: Primary disk - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: SCSI Class - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: sermouse.sys - Driver> in the current context!
Error: Unable to interpret <SafeBootMin: System Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootMin: vds - Service> in the current context!
Error: Unable to interpret <SafeBootMin: vga.sys - Driver> in the current context!
Error: Unable to interpret <SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System> in the current context!
Error: Unable to interpret <SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive> in the current context!
Error: Unable to interpret <SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy> in the current context!
Error: Unable to interpret <SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume> in the current context!
Error: Unable to interpret <SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SafeBootNet: Base - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: Boot Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: Boot file system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: File system - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: NDIS Wrapper - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: NetBIOSGroup - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: NetDDEGroup - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: Network - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: NetworkProvider - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: PCI Configuration - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: PNP Filter - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: PNP_TDI - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: Primary disk - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: SCSI Class - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: sermouse.sys - Driver> in the current context!
Error: Unable to interpret <SafeBootNet: Streams Drivers - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: System Bus Extender - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: TDI - Driver Group> in the current context!
Error: Unable to interpret <SafeBootNet: UploadMgr - Service> in the current context!
Error: Unable to interpret <SafeBootNet: vga.sys - Driver> in the current context!
Error: Unable to interpret <SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System> in the current context!
Error: Unable to interpret <SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive> in the current context!
Error: Unable to interpret <SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume> in the current context!
Error: Unable to interpret <SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)> in the current context!
Error: Unable to interpret <ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)> in the current context!
Error: Unable to interpret <ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow> in the current context!
Error: Unable to interpret <ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4> in the current context!
Error: Unable to interpret <ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation> in the current context!
Error: Unable to interpret <ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> in the current context!
Error: Unable to interpret <ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java> in the current context!
Error: Unable to interpret <ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack> in the current context!
Error: Unable to interpret <ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe> in the current context!
Error: Unable to interpret <ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring> in the current context!
Error: Unable to interpret <ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> in the current context!
Error: Unable to interpret <ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> in the current context!
Error: Unable to interpret <ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow> in the current context!
Error: Unable to interpret <ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx> in the current context!
Error: Unable to interpret <ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help> in the current context!
Error: Unable to interpret <ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes> in the current context!
Error: Unable to interpret <ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6> in the current context!
Error: Unable to interpret <ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)> in the current context!
Error: Unable to interpret <ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1> in the current context!
Error: Unable to interpret <ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW> in the current context!
Error: Unable to interpret <ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools> in the current context!
Error: Unable to interpret <ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements> in the current context!
Error: Unable to interpret <ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player> in the current context!
Error: Unable to interpret <ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access> in the current context!
Error: Unable to interpret <ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner> in the current context!
Error: Unable to interpret <ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> in the current context!
Error: Unable to interpret <ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll> in the current context!
Error: Unable to interpret <ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> in the current context!
Error: Unable to interpret <ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> in the current context!
Error: Unable to interpret <ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding> in the current context!
Error: Unable to interpret <ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts> in the current context!
Error: Unable to interpret <ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner> in the current context!
Error: Unable to interpret <ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1> in the current context!
Error: Unable to interpret <ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash> in the current context!
Error: Unable to interpret <ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help> in the current context!
Error: Unable to interpret <ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface> in the current context!
Error: Unable to interpret <ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe> in the current context!
Error: Unable to interpret <ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP> in the current context!
Error: Unable to interpret <ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> in the current context!
Error: Unable to interpret <ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> in the current context!
Error: Unable to interpret <ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> in the current context!
Error: Unable to interpret <ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)> in the current context!
Error: Unable to interpret <Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)> in the current context!
Error: Unable to interpret <Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)> in the current context!
Error: Unable to interpret <Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)> in the current context!
Error: Unable to interpret <Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)> in the current context!
Error: Unable to interpret <Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()> in the current context!
Error: Unable to interpret <Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()> in the current context!
Error: Unable to interpret <Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!
Error: Unable to interpret <Restore point Set: OTL Restore Point> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.01.06 17:59:34 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\alex\Recent> in the current context!
Error: Unable to interpret <[2012.01.06 17:23:20 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\alex\Desktop\tdsskiller.exe> in the current context!
Error: Unable to interpret <[2012.01.06 14:01:02 | 000,000,000 | ---D | C] -- C:\Programme\ESET> in the current context!
Error: Unable to interpret <[2012.01.06 14:00:53 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\alex\Eigene Dateien\esetsmartinstaller_enu.exe> in the current context!
Error: Unable to interpret <[2012.01.05 00:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\alex\Desktop\osam> in the current context!
Error: Unable to interpret <[2012.01.04 23:02:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\alex\Lokale Einstellungen\Anwendungsdaten\Opera> in the current context!
Error: Unable to interpret <[2012.01.04 23:02:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Opera> in the current context!
Error: Unable to interpret <[2012.01.04 21:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Malwarebytes> in the current context!
Error: Unable to interpret <[2012.01.04 21:32:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware> in the current context!
Error: Unable to interpret <[2012.01.04 21:32:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes> in the current context!
Error: Unable to interpret <[2012.01.04 21:32:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys> in the current context!
Error: Unable to interpret <[2012.01.04 21:32:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware> in the current context!
Error: Unable to interpret <[2012.01.04 21:29:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\alex\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <[2011.12.15 14:52:28 | 000,063,488 | ---- | C] (Silicon Laboratories) -- C:\WINDOWS\System32\drivers\silabser.sys> in the current context!
Error: Unable to interpret <[2011.12.15 14:52:28 | 000,017,920 | ---- | C] (Silicon Laboratories, Inc.) -- C:\WINDOWS\System32\drivers\silabenm.sys> in the current context!
Error: Unable to interpret <[2011.12.15 14:52:28 | 000,000,000 | ---D | C] -- C:\Programme\Silabs> in the current context!
Error: Unable to interpret <[2011.12.15 14:52:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Silabs> in the current context!
Error: Unable to interpret <[2011.12.15 14:52:01 | 000,000,000 | ---D | C] -- C:\SiLabs> in the current context!
Error: Unable to interpret <[2011.12.11 16:51:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DupDetector> in the current context!
Error: Unable to interpret <[2011.12.11 16:51:19 | 000,000,000 | ---D | C] -- C:\Programme\Prismatic Software> in the current context!
Error: Unable to interpret <[2011.12.11 16:38:00 | 000,000,000 | ---D | C] -- C:\Programme\AntiTwin> in the current context!
Error: Unable to interpret <[2011.12.11 12:50:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe> in the current context!
Error: Unable to interpret <[2011.12.11 12:45:29 | 000,000,000 | ---D | C] -- C:\Programme\Adobe> in the current context!
Error: Unable to interpret <[2003.11.26 23:43:44 | 000,049,152 | ---- | C] (CodeMercs) -- C:\Programme\IOWKIT.DLL> in the current context!
Error: Unable to interpret <[2003.01.13 15:32:18 | 000,057,344 | ---- | C] (FTDI Ltd) -- C:\Programme\UIO88.DLL> in the current context!
Error: Unable to interpret <[1999.08.18 05:00:00 | 000,025,600 | ---- | C] (Inprise Corporation) -- C:\Programme\BORLNDMM.DLL> in the current context!
Error: Unable to interpret <[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\*.tmp files -> C:\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.01.06 17:23:22 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\alex\Desktop\tdsskiller.exe> in the current context!
Error: Unable to interpret <[2012.01.06 14:17:19 | 000,458,476 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat> in the current context!
Error: Unable to interpret <[2012.01.06 14:17:19 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2012.01.06 14:17:19 | 000,084,318 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat> in the current context!
Error: Unable to interpret <[2012.01.06 14:17:19 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2012.01.06 14:13:51 | 000,001,526 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk> in the current context!
Error: Unable to interpret <[2012.01.06 14:12:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context!
Error: Unable to interpret <[2012.01.06 14:12:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2012.01.06 14:12:45 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys> in the current context!
Error: Unable to interpret <[2012.01.06 14:00:54 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\alex\Eigene Dateien\esetsmartinstaller_enu.exe> in the current context!
Error: Unable to interpret <[2012.01.04 22:21:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\alex\defogger_reenable> in the current context!
Error: Unable to interpret <[2012.01.04 22:13:43 | 000,294,216 | ---- | M] () -- C:\Dokumente und Einstellungen\alex\Desktop\gmer.zip> in the current context!
Error: Unable to interpret <[2012.01.04 21:32:52 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk> in the current context!
Error: Unable to interpret <[2011.12.15 14:52:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_silabser_01007.Wdf> in the current context!
Error: Unable to interpret <[2011.12.11 16:38:02 | 000,000,656 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Anti-Twin.lnk> in the current context!
Error: Unable to interpret <[2011.12.11 13:13:41 | 000,002,342 | ---- | M] () -- C:\WINDOWS\ST6UNST.001> in the current context!
Error: Unable to interpret <[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys> in the current context!
Error: Unable to interpret <[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\*.tmp files -> C:\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.01.04 22:21:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\alex\defogger_reenable> in the current context!
Error: Unable to interpret <[2012.01.04 22:13:42 | 000,294,216 | ---- | C] () -- C:\Dokumente und Einstellungen\alex\Desktop\gmer.zip> in the current context!
Error: Unable to interpret <[2012.01.04 21:32:52 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk> in the current context!
Error: Unable to interpret <[2011.12.15 14:52:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_silabser_01007.Wdf> in the current context!
Error: Unable to interpret <[2011.12.11 16:38:04 | 000,000,662 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Anti-Twin.lnk> in the current context!
Error: Unable to interpret <[2011.12.11 16:38:02 | 000,000,656 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Anti-Twin.lnk> in the current context!
Error: Unable to interpret <[2011.12.11 13:13:25 | 000,002,342 | ---- | C] () -- C:\WINDOWS\ST6UNST.001> in the current context!
Error: Unable to interpret <[2011.10.10 16:10:27 | 000,076,088 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat> in the current context!
Error: Unable to interpret <[2011.09.05 19:12:38 | 000,000,409 | ---- | C] () -- C:\WINDOWS\songs.ini> in the current context!
Error: Unable to interpret <[2011.09.05 19:03:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\winzip32.ini> in the current context!
Error: Unable to interpret <[2011.08.28 17:39:23 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI> in the current context!
Error: Unable to interpret <[2011.08.24 15:42:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI> in the current context!
Error: Unable to interpret <[2011.07.11 21:45:07 | 000,340,021 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll> in the current context!
Error: Unable to interpret <[2011.06.18 16:32:31 | 000,000,234 | ---- | C] () -- C:\WINDOWS\HRDLog001.INI> in the current context!
Error: Unable to interpret <[2011.05.22 20:33:03 | 000,000,075 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI> in the current context!
Error: Unable to interpret <[2011.05.22 20:15:54 | 000,000,093 | ---- | C] () -- C:\WINDOWS\kjkjbas.INI> in the current context!
Error: Unable to interpret <[2011.05.22 20:15:54 | 000,000,092 | ---- | C] () -- C:\WINDOWS\kjkjERR.INI> in the current context!
Error: Unable to interpret <[2011.05.19 17:33:51 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI> in the current context!
Error: Unable to interpret <[2011.05.19 17:33:51 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2030.DAT> in the current context!
Error: Unable to interpret <[2011.05.19 17:30:10 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI> in the current context!
Error: Unable to interpret <[2011.05.19 17:30:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI> in the current context!
Error: Unable to interpret <[2011.05.19 17:30:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini> in the current context!
Error: Unable to interpret <[2011.05.19 17:30:04 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL> in the current context!
Error: Unable to interpret <[2011.05.19 17:30:03 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL> in the current context!
Error: Unable to interpret <[2011.05.19 17:30:03 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL> in the current context!
Error: Unable to interpret <[2011.05.19 17:30:01 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2030.INI> in the current context!
Error: Unable to interpret <[2011.05.04 19:37:08 | 000,013,312 | ---- | C] () -- C:\Dokumente und Einstellungen\alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2011.04.25 19:25:30 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll> in the current context!
Error: Unable to interpret <[2011.04.25 19:25:01 | 000,422,000 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll> in the current context!
Error: Unable to interpret <[2011.04.25 19:25:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\wgapiloc.dll> in the current context!
Error: Unable to interpret <[2011.04.11 10:42:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\MPMapTrace.dll> in the current context!
Error: Unable to interpret <[2011.04.11 09:34:16 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\mpPathan.dll> in the current context!
Error: Unable to interpret <[2011.03.17 17:50:14 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat> in the current context!
Error: Unable to interpret <[2011.03.08 20:49:16 | 000,002,778 | ---- | C] () -- C:\WINDOWS\DigiPan.INI> in the current context!
Error: Unable to interpret <[2011.02.24 19:38:52 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys> in the current context!
Error: Unable to interpret <[2011.02.20 10:47:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat> in the current context!
Error: Unable to interpret <[2011.02.17 19:03:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll> in the current context!
Error: Unable to interpret <[2011.02.17 16:44:37 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe> in the current context!
Error: Unable to interpret <[2011.02.17 16:17:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini> in the current context!
Error: Unable to interpret <[2009.01.27 19:10:59 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll> in the current context!
Error: Unable to interpret <[2009.01.27 19:04:16 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll> in the current context!
Error: Unable to interpret <[2009.01.27 19:00:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2009.01.27 18:53:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat> in the current context!
Error: Unable to interpret <[2009.01.27 18:40:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI> in the current context!
Error: Unable to interpret <[2009.01.27 18:39:06 | 000,126,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2007.11.26 15:10:10 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\emcoinst.dll> in the current context!
Error: Unable to interpret <[2007.08.23 17:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll> in the current context!
Error: Unable to interpret <[2007.03.23 03:03:14 | 000,001,049 | ---- | C] () -- C:\WINDOWS\emasio.dat> in the current context!
Error: Unable to interpret <[2006.12.13 15:03:14 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll> in the current context!
Error: Unable to interpret <[2006.06.10 05:17:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\emusba10.dat> in the current context!
Error: Unable to interpret <[2005.01.06 11:08:14 | 003,917,312 | ---- | C] () -- C:\Programme\profilab30.exe> in the current context!
Error: Unable to interpret <[2005.01.06 11:02:56 | 000,222,981 | ---- | C] () -- C:\Programme\profilab30.chm> in the current context!
Error: Unable to interpret <[2004.12.22 14:42:32 | 000,157,630 | ---- | C] () -- C:\Programme\all_hardware.htm> in the current context!
Error: Unable to interpret <[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat> in the current context!
Error: Unable to interpret <[2004.07.02 07:25:42 | 000,724,480 | ---- | C] () -- C:\Programme\dmm_easy.exe> in the current context!
Error: Unable to interpret <[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe> in the current context!
Error: Unable to interpret <[2002.08.29 02:54:14 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,458,476 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,440,684 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,084,318 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,071,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat> in the current context!
Error: Unable to interpret <[2000.09.19 11:16:56 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\DLPORTIO.SYS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2011.04.24 23:03:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Orbit> in the current context!
Error: Unable to interpret <[2011.04.24 18:11:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ProgSense> in the current context!
Error: Unable to interpret <[2011.05.22 20:40:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Dev-Cpp> in the current context!
Error: Unable to interpret <[2011.05.18 03:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Foxit Software> in the current context!
Error: Unable to interpret <[2011.05.22 20:37:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\GetRightToGo> in the current context!
Error: Unable to interpret <[2011.05.22 20:46:05 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Microchip> in the current context!
Error: Unable to interpret <[2012.01.04 23:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Opera> in the current context!
Error: Unable to interpret <[2012.01.06 14:16:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Orbit> in the current context!
Error: Unable to interpret <[2011.04.21 00:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\ProgSense> in the current context!
Error: Unable to interpret <[2011.06.11 05:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Telefónica> in the current context!
Error: Unable to interpret <[2011.05.24 02:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\TrueCrypt> in the current context!
Error: Unable to interpret <[2011.07.27 21:33:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\uTorrent> in the current context!
Error: Unable to interpret <[2011.02.17 18:48:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMUV> in the current context!
Error: Unable to interpret <[2009.01.27 19:06:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ConeXware> in the current context!
Error: Unable to interpret <[2011.08.28 17:32:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite> in the current context!
Error: Unable to interpret <[2011.02.17 19:10:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCTV Systems> in the current context!
Error: Unable to interpret <[2011.07.22 20:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SeaTTY> in the current context!
Error: Unable to interpret <[2011.04.24 23:47:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK> in the current context!
Error: Unable to interpret <[2011.02.23 14:40:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Foxit Software> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Custom Scans ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %ALLUSERSPROFILE%\Application Data\*. >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %ALLUSERSPROFILE%\Application Data\*.exe /s >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %APPDATA%\*. >> in the current context!
Error: Unable to interpret <[2011.04.21 00:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Adobe> in the current context!
Error: Unable to interpret <[2011.05.21 02:52:02 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Brother> in the current context!
Error: Unable to interpret <[2011.05.22 20:40:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Dev-Cpp> in the current context!
Error: Unable to interpret <[2011.05.04 19:38:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\DivX> in the current context!
Error: Unable to interpret <[2011.05.18 03:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Foxit Software> in the current context!
Error: Unable to interpret <[2011.05.22 20:37:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\GetRightToGo> in the current context!
Error: Unable to interpret <[2011.04.21 00:13:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Identities> in the current context!
Error: Unable to interpret <[2011.04.23 19:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Macromedia> in the current context!
Error: Unable to interpret <[2012.01.04 21:33:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Malwarebytes> in the current context!
Error: Unable to interpret <[2011.05.22 20:46:05 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Microchip> in the current context!
Error: Unable to interpret <[2011.05.19 21:56:43 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Microsoft> in the current context!
Error: Unable to interpret <[2011.04.28 19:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Mozilla> in the current context!
Error: Unable to interpret <[2012.01.04 23:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Opera> in the current context!
Error: Unable to interpret <[2012.01.06 14:16:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Orbit> in the current context!
Error: Unable to interpret <[2011.04.21 00:13:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\ProgSense> in the current context!
Error: Unable to interpret <[2011.04.21 17:02:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Sun> in the current context!
Error: Unable to interpret <[2011.06.11 05:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\Telefónica> in the current context!
Error: Unable to interpret <[2011.05.24 02:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\TrueCrypt> in the current context!
Error: Unable to interpret <[2011.07.27 21:33:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\uTorrent> in the current context!
Error: Unable to interpret <[2011.05.04 23:47:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\alex\Anwendungsdaten\vlc> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %APPDATA%\*.exe /s >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\*.exe >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: AGP440.SYS  >> in the current context!
Error: Unable to interpret <[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys> in the current context!
Error: Unable to interpret <[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys> in the current context!
Error: Unable to interpret <[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys> in the current context!
Error: Unable to interpret <[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys> in the current context!
Error: Unable to interpret <[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: ATAPI.SYS  >> in the current context!
Error: Unable to interpret <[2002.08.29 02:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys> in the current context!
Error: Unable to interpret <[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys> in the current context!
Error: Unable to interpret <[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys> in the current context!
Error: Unable to interpret <[2002.08.29 02:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\xp\I386\sp1.cab:atapi.sys> in the current context!
Error: Unable to interpret <[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys> in the current context!
Error: Unable to interpret <[2002.08.29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys> in the current context!
Error: Unable to interpret <[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys> in the current context!
Error: Unable to interpret <[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: EVENTLOG.DLL  >> in the current context!
Error: Unable to interpret <[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll> in the current context!
Error: Unable to interpret <[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll> in the current context!
Error: Unable to interpret <[2002.08.29 02:43:22 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: NETLOGON.DLL  >> in the current context!
Error: Unable to interpret <[2002.08.29 02:43:26 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll> in the current context!
Error: Unable to interpret <[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll> in the current context!
Error: Unable to interpret <[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: SCECLI.DLL  >> in the current context!
Error: Unable to interpret <[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll> in the current context!
Error: Unable to interpret <[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll> in the current context!
Error: Unable to interpret <[2002.08.29 02:43:30 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: USER32.DLL  >> in the current context!
Error: Unable to interpret <[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll> in the current context!
Error: Unable to interpret <[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll> in the current context!
Error: Unable to interpret <[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll> in the current context!
Error: Unable to interpret <[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll> in the current context!
Error: Unable to interpret <[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll> in the current context!
Error: Unable to interpret <[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll> in the current context!
Error: Unable to interpret <[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll> in the current context!
Error: Unable to interpret <[2002.08.29 02:43:32 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: USERINIT.EXE  >> in the current context!
Error: Unable to interpret <[2002.08.29 02:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe> in the current context!
Error: Unable to interpret <[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe> in the current context!
Error: Unable to interpret <[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: WINLOGON.EXE  >> in the current context!
Error: Unable to interpret <[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe> in the current context!
Error: Unable to interpret <[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe> in the current context!
Error: Unable to interpret <[2002.08.29 02:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe> in the current context!
Error: Unable to interpret <[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: WS2IFSL.SYS  >> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys> in the current context!
Error: Unable to interpret <[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\system32\drivers\*.sys /lockedfiles >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\System32\config\*.sav >> in the current context!
Error: Unable to interpret <[2009.01.27 19:38:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav> in the current context!
Error: Unable to interpret <[2009.01.27 19:38:23 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav> in the current context!
Error: Unable to interpret <[2009.01.27 19:38:23 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\*. /mp /s >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\system32\*.dll /lockedfiles >> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]> in the current context!
Error: Unable to interpret << End of report >
         
--- --- --- > in the current context! OTL by OldTimer - Version 3.2.31.0 log created on 01062012_204042

06.01.2012, 21:12   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Copy and paste has to be learned! Please check beforehand what you are copying into OTL's text window! Please do it properly.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

06.01.2012, 21:23   #11
menthol

OK, unfortunately I made a mistake there.
I hope it has worked this time:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1801674531-725345543-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DesktopTwister deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 50428 bytes
->Temporary Internet Files folder emptied: 126731 bytes
 
User: Administrator
 
User: alex
->Temp folder emptied: 32346061 bytes
->Temporary Internet Files folder emptied: 29860941 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 114969545 bytes
->Opera cache emptied: 28052752 bytes
->Flash cache emptied: 51552 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112094 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Opera cache emptied: 2821 bytes
 
%systemdrive% .tmp files removed: 723 bytes
%systemroot% .tmp files removed: 1139136 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2675330 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 200,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01062012_211743

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

06.01.2012, 21:30   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
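Added example, not part of the original post and not Kaspersky's or the board's own tooling: a small Python parser for the TDSSKiller report format (the line layout is the one visible in the log posted later in this thread). It lists every object that received a verdict other than "ok", together with its hash, path and the scan mode it was flagged under, so flagged entries can be reviewed while the tool itself is left on "skip". The sample log, driver names and hashes below are constructed.

```python
import re
from collections import namedtuple

# One flagged object: scan mode options, the name used on the verdict line,
# the verdict string, its level, and the hash/path from the object's own line.
Finding = namedtuple("Finding", "mode subject verdict level md5 path")

# "<HH:MM:SS.ffff> <thread id><TAB><message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+[ \t]*(.*)$")
# "<name> (<md5>) <path>"; the name may itself contain parentheses.
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<subject> ( <verdict> ) - <level>"; plain "<subject> - ok" lines do not match.
VERDICT = re.compile(r"^(?P<subject>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")

# Constructed sample: the same driver is "ok" in the plain run and flagged
# only in the run whose mode line includes SigCheck.
SAMPLE_LOG = (
    "21:57:51.0015 3600\tScan started\n"
    "21:57:51.0015 3600\tMode: Manual; \n"
    "21:57:52.0656 3600\tExampleDrv      (11111111111111111111111111111111) "
    "C:\\WINDOWS\\system32\\drivers\\exampledrv.sys\n"
    "21:57:52.0671 3600\tExampleDrv - ok\n"
    "21:58:22.0203 3600\tScan finished\n"
    "21:58:22.0296 0624\tDetected object count: 0\n"
    "22:00:26.0046 1944\tScan started\n"
    "22:00:26.0046 1944\tMode: Manual; SigCheck; TDLFS; \n"
    "22:00:26.0562 1944\tExampleDrv      (11111111111111111111111111111111) "
    "C:\\WINDOWS\\system32\\drivers\\exampledrv.sys\n"
    "22:00:26.0703 1944\tExampleDrv ( UnsignedFile.Multi.Generic ) - warning\n"
    "22:00:26.0703 1944\tExampleDrv - detected UnsignedFile.Multi.Generic (1)\n"
    "22:00:27.0250 1944\tusbnic(VENDOR)  (22222222222222222222222222222222) "
    "C:\\WINDOWS\\system32\\DRIVERS\\usbnic.sys\n"
    "22:00:27.0300 1944\tusbnic(VENDOR) - ok\n"
    "22:00:28.0000 1944\tMBR (0x1B8)     (33333333333333333333333333333333) "
    "\\Device\\Harddisk0\\DR0\n"
    "22:00:28.0100 1944\t\\Device\\Harddisk0\\DR0 - ok\n"
)


def parse_findings(log_text):
    """Return a Finding for every verdict line that is not a plain '- ok'."""
    findings = []
    mode = ()        # options from the current scan's "Mode:" line
    objects = {}     # name or path -> (md5, path) within the current scan
    for raw in log_text.splitlines():
        line = LINE.match(raw.rstrip())
        if not line:
            continue  # not a timestamped report line
        msg = line.group(1).strip()
        if msg == "Scan started":
            mode, objects = (), {}
        elif msg.startswith("Mode:"):
            mode = tuple(p.strip() for p in msg[5:].split(";") if p.strip())
        elif (obj := OBJECT.match(msg)):
            info = (obj["md5"], obj["path"])
            # Driver verdicts are keyed by service name, MBR/boot-sector
            # verdicts by device path, so index the object under both.
            objects[obj["name"]] = info
            objects[obj["path"]] = info
        elif (ver := VERDICT.match(msg)):
            md5, path = objects.get(ver["subject"], (None, None))
            findings.append(Finding(mode, ver["subject"], ver["verdict"],
                                    ver["level"], md5, path))
    return findings


def by_verdict(findings):
    """Group findings by verdict string so each class can be reviewed together."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.verdict, []).append(f)
    return grouped


if __name__ == "__main__":
    for verdict, items in by_verdict(parse_findings(SAMPLE_LOG)).items():
        print(verdict)
        for f in items:
            print(f"  {f.subject}  {f.md5}  {f.path}  (mode: {'; '.join(f.mode)})")
```
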

06.01.2012, 22:07   #13
menthol

Evening Arne,

it flagged a few entries as suspicious; I guess and hope those are false alarms.
Here is the new log:

Code:
21:57:45.0046 3356	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:57:47.0046 3356	============================================================
21:57:47.0046 3356	Current date / time: 2012/01/06 21:57:47.0046
21:57:47.0046 3356	SystemInfo:
21:57:47.0046 3356	
21:57:47.0046 3356	OS Version: 5.1.2600 ServicePack: 2.0
21:57:47.0046 3356	Product type: Workstation
21:57:47.0046 3356	ComputerName: ECHO
21:57:47.0046 3356	UserName: alex
21:57:47.0046 3356	Windows directory: C:\WINDOWS
21:57:47.0046 3356	System windows directory: C:\WINDOWS
21:57:47.0046 3356	Processor architecture: Intel x86
21:57:47.0046 3356	Number of processors: 1
21:57:47.0046 3356	Page size: 0x1000
21:57:47.0046 3356	Boot type: Normal boot
21:57:47.0046 3356	============================================================
21:57:48.0640 3356	Initialize success
21:57:51.0015 3600	============================================================
21:57:51.0015 3600	Scan started
21:57:51.0015 3600	Mode: Manual; 
21:57:51.0015 3600	============================================================
21:57:52.0656 3600	AbilisT         (9b097c9b68ab9369977dce68a7a0aa24) C:\WINDOWS\system32\Drivers\AbilisBdaTuner.sys
21:57:52.0671 3600	AbilisT - ok
21:57:52.0765 3600	Abiosdsk - ok
21:57:52.0859 3600	abp480n5 - ok
21:57:52.0984 3600	ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:57:53.0015 3600	ACPI - ok
21:57:53.0140 3600	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:57:53.0140 3600	ACPIEC - ok
21:57:53.0265 3600	adpu160m - ok
21:57:53.0359 3600	aeaudio         (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
21:57:53.0359 3600	aeaudio - ok
21:57:53.0687 3600	aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
21:57:53.0843 3600	aec - ok
21:57:53.0921 3600	AegisP          (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:57:53.0921 3600	AegisP - ok
21:57:54.0015 3600	AFD             (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
21:57:54.0046 3600	AFD - ok
21:57:54.0109 3600	Aha154x - ok
21:57:54.0171 3600	aic78u2 - ok
21:57:54.0265 3600	aic78xx - ok
21:57:54.0406 3600	AliIde - ok
21:57:54.0437 3600	amsint - ok
21:57:54.0687 3600	arusb(TP-LINK)  (a947ff19567c674c6f99369e3f1212bb) C:\WINDOWS\system32\DRIVERS\arusb.sys
21:57:54.0734 3600	arusb(TP-LINK) - ok
21:57:54.0828 3600	asc - ok
21:57:54.0906 3600	asc3350p - ok
21:57:54.0953 3600	asc3550 - ok
21:57:55.0140 3600	AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:57:55.0203 3600	AsyncMac - ok
21:57:55.0375 3600	atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:57:55.0375 3600	atapi - ok
21:57:55.0468 3600	Atdisk - ok
21:57:55.0546 3600	Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:57:55.0578 3600	Atmarpc - ok
21:57:55.0734 3600	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:57:55.0750 3600	audstub - ok
21:57:55.0843 3600	avgntdd         (596d9032091d3b21ee5949bd2f11def7) C:\WINDOWS\system32\DRIVERS\avgntdd.sys
21:57:55.0843 3600	avgntdd - ok
21:57:55.0953 3600	avgntmgr        (7d18976edfc9cb76b9fbb645608462c3) C:\WINDOWS\system32\DRIVERS\avgntmgr.sys
21:57:56.0000 3600	avgntmgr - ok
21:57:56.0187 3600	avipbb          (0b09df022250fb7ba91fb932eac6ea9b) C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:57:56.0218 3600	avipbb - ok
21:57:56.0312 3600	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:57:56.0328 3600	Beep - ok
21:57:56.0468 3600	Bridge          (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
21:57:56.0484 3600	Bridge - ok
21:57:56.0546 3600	BridgeMP        (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
21:57:56.0546 3600	BridgeMP - ok
21:57:56.0703 3600	BrPar           (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
21:57:56.0703 3600	BrPar - ok
21:57:56.0828 3600	busenum         (cec1dbed5ea31801cdeb12833234f139) C:\WINDOWS\system32\DRIVERS\busenum.sys
21:57:56.0828 3600	busenum - ok
21:57:56.0984 3600	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:57:57.0000 3600	cbidf2k - ok
21:57:57.0093 3600	CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:57:57.0109 3600	CCDECODE - ok
21:57:57.0140 3600	cd20xrnt - ok
21:57:57.0203 3600	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:57:57.0234 3600	Cdaudio - ok
21:57:57.0328 3600	Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
21:57:57.0343 3600	Cdfs - ok
21:57:57.0437 3600	Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:57:57.0437 3600	Cdrom - ok
21:57:57.0546 3600	Changer - ok
21:57:57.0750 3600	CmdIde - ok
21:57:57.0921 3600	Cpqarray - ok
21:57:58.0031 3600	dac2w2k - ok
21:57:58.0187 3600	dac960nt - ok
21:57:58.0343 3600	Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
21:57:58.0359 3600	Disk - ok
21:57:58.0515 3600	DLPortIO        (1d95d36db805787d54eb50e45ed4af40) C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS
21:57:58.0515 3600	DLPortIO - ok
21:57:58.0640 3600	dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
21:57:58.0718 3600	dmboot - ok
21:57:58.0812 3600	dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
21:57:58.0843 3600	dmio - ok
21:57:58.0921 3600	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:57:58.0953 3600	dmload - ok
21:57:59.0078 3600	DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
21:57:59.0125 3600	DMusic - ok
21:57:59.0296 3600	dpti2o - ok
21:57:59.0421 3600	drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
21:57:59.0437 3600	drmkaud - ok
21:57:59.0656 3600	dtsoftbus01     (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
21:57:59.0671 3600	dtsoftbus01 - ok
21:57:59.0765 3600	E1000           (a8b3ec8ee13cbe14f067c72110155a1b) C:\WINDOWS\system32\DRIVERS\e1000325.sys
21:57:59.0796 3600	E1000 - ok
21:57:59.0921 3600	emusba10        (0407b78faaa9437ffccd6c393d483309) C:\WINDOWS\system32\DRIVERS\emusba10.sys
21:57:59.0953 3600	emusba10 - ok
21:58:00.0140 3600	ewusbnet - ok
21:58:00.0203 3600	ew_hwusbdev - ok
21:58:00.0296 3600	Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
21:58:00.0328 3600	Fastfat - ok
21:58:00.0437 3600	Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:58:00.0453 3600	Fdc - ok
21:58:00.0546 3600	Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
21:58:00.0593 3600	Fips - ok
21:58:00.0687 3600	Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:58:00.0687 3600	Flpydisk - ok
21:58:00.0890 3600	FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
21:58:00.0906 3600	FltMgr - ok
21:58:01.0031 3600	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:58:01.0031 3600	Fs_Rec - ok
21:58:01.0140 3600	FTDIBUS         (7c17235845d5ae3fb33ead47b5881521) C:\WINDOWS\system32\drivers\ftdibus.sys
21:58:01.0171 3600	FTDIBUS - ok
21:58:01.0296 3600	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:58:01.0312 3600	Ftdisk - ok
21:58:01.0421 3600	FTSER2K         (23220a4709cc5785f9633ba71416145c) C:\WINDOWS\system32\drivers\ftser2k.sys
21:58:01.0453 3600	FTSER2K - ok
21:58:01.0562 3600	Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:58:01.0578 3600	Gpc - ok
21:58:01.0781 3600	grmnusb         (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
21:58:01.0796 3600	grmnusb - ok
21:58:01.0968 3600	HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:58:01.0984 3600	HidUsb - ok
21:58:02.0078 3600	hpn - ok
21:58:02.0296 3600	HTTP            (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
21:58:02.0296 3600	HTTP - ok
21:58:02.0390 3600	huawei_enumerator - ok
21:58:02.0593 3600	hwdatacard - ok
21:58:02.0781 3600	i2omgmt - ok
21:58:02.0843 3600	i2omp - ok
21:58:02.0921 3600	i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:58:02.0937 3600	i8042prt - ok
21:58:03.0093 3600	ialm            (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:58:03.0187 3600	ialm - ok
21:58:03.0312 3600	Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:58:03.0328 3600	Imapi - ok
21:58:03.0437 3600	ini910u - ok
21:58:03.0515 3600	IntelIde - ok
21:58:03.0609 3600	intelppm        (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:58:03.0640 3600	intelppm - ok
21:58:03.0734 3600	ip6fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
21:58:03.0734 3600	ip6fw - ok
21:58:03.0843 3600	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:58:03.0875 3600	IpFilterDriver - ok
21:58:04.0062 3600	IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:58:04.0078 3600	IpInIp - ok
21:58:04.0203 3600	IpNat           (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:58:04.0203 3600	IpNat - ok
21:58:04.0312 3600	IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:58:04.0328 3600	IPSec - ok
21:58:04.0562 3600	IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:58:04.0578 3600	IRENUM - ok
21:58:04.0796 3600	isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:58:04.0812 3600	isapnp - ok
21:58:04.0921 3600	Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:58:04.0921 3600	Kbdclass - ok
21:58:05.0015 3600	kbdhid          (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:58:05.0031 3600	kbdhid - ok
21:58:05.0140 3600	kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
21:58:05.0156 3600	kmixer - ok
21:58:05.0328 3600	KSecDD          (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
21:58:05.0359 3600	KSecDD - ok
21:58:05.0515 3600	lbrtfdc - ok
21:58:05.0640 3600	libusb0         (86f4c6bb7e50e178df08e747ec5c18c3) C:\WINDOWS\system32\DRIVERS\libusb0.sys
21:58:05.0671 3600	libusb0 - ok
21:58:05.0843 3600	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:58:05.0859 3600	mnmdd - ok
21:58:05.0953 3600	Modem           (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
21:58:05.0968 3600	Modem - ok
21:58:06.0109 3600	Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:58:06.0140 3600	Mouclass - ok
21:58:06.0250 3600	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:58:06.0250 3600	mouhid - ok
21:58:06.0406 3600	MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
21:58:06.0437 3600	MountMgr - ok
21:58:06.0562 3600	MPE             (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
21:58:06.0562 3600	MPE - ok
21:58:06.0656 3600	mraid35x - ok
21:58:06.0781 3600	MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:58:06.0812 3600	MRxDAV - ok
21:58:06.0953 3600	MRxSmb          (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:58:07.0000 3600	MRxSmb - ok
21:58:07.0265 3600	Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
21:58:07.0281 3600	Msfs - ok
21:58:07.0531 3600	MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:58:07.0531 3600	MSKSSRV - ok
21:58:07.0625 3600	MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:58:07.0625 3600	MSPCLOCK - ok
21:58:07.0687 3600	MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
21:58:07.0703 3600	MSPQM - ok
21:58:07.0781 3600	mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:58:07.0781 3600	mssmbios - ok
21:58:07.0875 3600	MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
21:58:07.0875 3600	MSTEE - ok
21:58:07.0953 3600	Mup             (f66b6b1cddee6ca87cefc016eb7a0d8e) C:\WINDOWS\system32\drivers\Mup.sys
21:58:07.0984 3600	Mup - ok
21:58:08.0062 3600	NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:58:08.0078 3600	NABTSFEC - ok
21:58:08.0250 3600	NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
21:58:08.0296 3600	NDIS - ok
21:58:08.0437 3600	NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:58:08.0453 3600	NdisIP - ok
21:58:08.0546 3600	NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:58:08.0546 3600	NdisTapi - ok
21:58:08.0671 3600	Ndisuio         (5146c3d286e66c72328f6ce6e4d983a8) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:58:08.0687 3600	Ndisuio - ok
21:58:08.0781 3600	NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:58:08.0796 3600	NdisWan - ok
21:58:08.0875 3600	NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
21:58:08.0890 3600	NDProxy - ok
21:58:08.0968 3600	NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:58:08.0968 3600	NetBIOS - ok
21:58:09.0062 3600	NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:58:09.0078 3600	NetBT - ok
21:58:09.0437 3600	Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
21:58:09.0453 3600	Npfs - ok
21:58:09.0593 3600	Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
21:58:09.0671 3600	Ntfs - ok
21:58:09.0859 3600	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:58:09.0890 3600	Null - ok
21:58:09.0953 3600	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:58:09.0968 3600	NwlnkFlt - ok
21:58:10.0031 3600	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:58:10.0046 3600	NwlnkFwd - ok
21:58:10.0203 3600	Parport         (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
21:58:10.0218 3600	Parport - ok
21:58:10.0296 3600	PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
21:58:10.0296 3600	PartMgr - ok
21:58:10.0390 3600	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:58:10.0406 3600	ParVdm - ok
21:58:10.0546 3600	PCI             (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
21:58:10.0562 3600	PCI - ok
21:58:10.0593 3600	PCIDump - ok
21:58:10.0656 3600	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:58:10.0687 3600	PCIIde - ok
21:58:10.0750 3600	Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:58:10.0765 3600	Pcmcia - ok
21:58:10.0906 3600	PDCOMP - ok
21:58:10.0968 3600	PDFRAME - ok
21:58:11.0031 3600	PDRELI - ok
21:58:11.0109 3600	PDRFRAME - ok
21:58:11.0203 3600	perc2 - ok
21:58:11.0265 3600	perc2hib - ok
21:58:11.0531 3600	PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:58:11.0546 3600	PptpMiniport - ok
21:58:11.0593 3600	Processor       (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
21:58:11.0625 3600	Processor - ok
21:58:11.0718 3600	PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
21:58:11.0750 3600	PSched - ok
21:58:11.0828 3600	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:58:11.0843 3600	Ptilink - ok
21:58:11.0953 3600	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:58:11.0968 3600	PxHelp20 - ok
21:58:12.0125 3600	ql1080 - ok
21:58:12.0187 3600	Ql10wnt - ok
21:58:12.0265 3600	ql12160 - ok
21:58:12.0328 3600	ql1240 - ok
21:58:12.0390 3600	ql1280 - ok
21:58:12.0500 3600	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:58:12.0515 3600	RasAcd - ok
21:58:12.0625 3600	Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:58:12.0656 3600	Rasl2tp - ok
21:58:12.0796 3600	RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:58:12.0812 3600	RasPppoe - ok
21:58:12.0843 3600	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:58:12.0859 3600	Raspti - ok
21:58:12.0921 3600	Rdbss           (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:58:12.0984 3600	Rdbss - ok
21:58:13.0062 3600	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:58:13.0078 3600	RDPCDD - ok
21:58:13.0218 3600	rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:58:13.0265 3600	rdpdr - ok
21:58:13.0390 3600	RDPWD           (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
21:58:13.0406 3600	RDPWD - ok
21:58:13.0609 3600	redbook         (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:58:13.0625 3600	redbook - ok
21:58:13.0906 3600	rspndr          (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
21:58:13.0921 3600	rspndr - ok
21:58:14.0046 3600	RTLWUSB         (0534004db838fd5ae5f64e8d78a544dd) C:\WINDOWS\system32\DRIVERS\RTL8187.sys
21:58:14.0078 3600	RTLWUSB - ok
21:58:14.0234 3600	ScFBPNT2        (50b724c9d03111245df270bc3f49f04d) C:\WINDOWS\system32\drivers\ScFBPNT2.SYS
21:58:14.0234 3600	ScFBPNT2 - ok
21:58:14.0359 3600	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:58:14.0390 3600	Secdrv - ok
21:58:14.0656 3600	Ser2pl          (74bd6409a96ee31130613fe6a094594b) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
21:58:14.0671 3600	Ser2pl - ok
21:58:14.0812 3600	serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:58:14.0828 3600	serenum - ok
21:58:14.0921 3600	Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
21:58:14.0937 3600	Serial - ok
21:58:15.0125 3600	Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:58:15.0125 3600	Sfloppy - ok
21:58:15.0265 3600	silabenm        (c16173316918a1360dc22947c4ff6352) C:\WINDOWS\system32\DRIVERS\silabenm.sys
21:58:15.0265 3600	silabenm - ok
21:58:15.0375 3600	silabser        (182f483ec274015d2b2110eda84e59d0) C:\WINDOWS\system32\DRIVERS\silabser.sys
21:58:15.0390 3600	silabser - ok
21:58:15.0437 3600	Simbad - ok
21:58:15.0500 3600	SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:58:15.0515 3600	SLIP - ok
21:58:15.0640 3600	smwdm           (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
21:58:15.0703 3600	smwdm - ok
21:58:15.0781 3600	Sparrow - ok
21:58:15.0921 3600	splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
21:58:15.0921 3600	splitter - ok
21:58:16.0078 3600	sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
21:58:16.0125 3600	sr - ok
21:58:16.0265 3600	Srv             (7a0111577d8046633d5162a3ce15e9e1) C:\WINDOWS\system32\DRIVERS\srv.sys
21:58:16.0296 3600	Srv - ok
21:58:16.0437 3600	ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:58:16.0468 3600	ssmdrv - ok
21:58:16.0593 3600	streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:58:16.0593 3600	streamip - ok
21:58:16.0734 3600	swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:58:16.0734 3600	swenum - ok
21:58:16.0875 3600	swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
21:58:16.0890 3600	swmidi - ok
21:58:17.0031 3600	symc810 - ok
21:58:17.0109 3600	symc8xx - ok
21:58:17.0171 3600	sym_hi - ok
21:58:17.0234 3600	sym_u3 - ok
21:58:17.0375 3600	sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
21:58:17.0390 3600	sysaudio - ok
21:58:17.0578 3600	Tcpip           (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:58:17.0609 3600	Tcpip - ok
21:58:17.0687 3600	TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:58:17.0703 3600	TDPIPE - ok
21:58:17.0781 3600	TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
21:58:17.0796 3600	TDTCP - ok
21:58:17.0921 3600	Teefer          (64e59fcf5f81f55442e8476ce8e54ca0) C:\WINDOWS\system32\Drivers\Teefer.sys
21:58:17.0937 3600	Teefer - ok
21:58:18.0062 3600	TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:58:18.0109 3600	TermDD - ok
21:58:18.0218 3600	TosIde - ok
21:58:18.0343 3600	truecrypt       (be45dad1c73a3216edc8c485916f6594) C:\WINDOWS\system32\drivers\truecrypt.sys
21:58:18.0375 3600	truecrypt - ok
21:58:18.0515 3600	TVicPort        (97dd70feca64fb4f63de7bb7e66a80b1) C:\WINDOWS\system32\drivers\TVicPort.sys
21:58:18.0531 3600	TVicPort - ok
21:58:18.0625 3600	Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
21:58:18.0640 3600	Udfs - ok
21:58:18.0687 3600	ultra - ok
21:58:18.0812 3600	Update          (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
21:58:18.0843 3600	Update - ok
21:58:19.0000 3600	usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:58:19.0031 3600	usbccgp - ok
21:58:19.0218 3600	usbehci         (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:58:19.0234 3600	usbehci - ok
21:58:19.0312 3600	usbhub          (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:58:19.0312 3600	usbhub - ok
21:58:19.0453 3600	usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:58:19.0468 3600	usbprint - ok
06.01.2012, 22:20   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
