Pests of all kinds and how to fight them: GVU Trojan - PC locked - Windows XP

15.05.2013, 21:53   #1
Ockenator
 

Hello dear TBs,
as I found out while searching the forum, several users have the same problem as I do: while surfing the Internet, the PC was suddenly locked with a message from the GVU saying that one has violated certain laws and can therefore "buy oneself free" via paysafe for 100 EUR. After some googling on my other computer, I assume that we have caught the lovely GVU Trojan.
The PC is a Samsung Netbook N140 with Windows XP. When the computer starts, the GVU lock appears immediately after the user logs on (we have set up only one user).

Based on the other threads on this topic, I suspect that I now first have to start in safe mode and create log files? If so, I would be very grateful for a detailed description.

My emails in Outlook Express are especially important to me, since all my mail traffic of the last few years is stored there (and, cleverly enough, I of course did not make a backup of it).. :-(

Thank you in advance for your help!

15.05.2013, 22:07   #2
markusg
/// Malware-holic
 

hi
try restarting, press F8 and choose safe mode.
then try to copy OTL over via USB stick.
then move the logs to the other system the same way for posting.

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

18.05.2013, 12:23   #3
Ockenator
 

Hi Markusg,

sorry for my late reply - unfortunately I did not get around to following your tips any earlier.

Anyway, my problem is that I cannot even start the machine in safe mode - all 3 options (safe mode, safe mode with command prompt, safe mode with networking) lead immediately to a bluescreen, after which the Samsung load screen appears and I then end up back in the selection menu for safe mode..

Any ideas?

I have to get at my data at any cost

Many thanks in advance and have a wonderful weekend!

20.05.2013, 11:48   #4
markusg
/// Malware-holic
 

hi,
can you get to a PC with a burner?
download:
ISO Burner - Download - Filepony
ISO Burner instructions:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you have just created.
If you do not know how to get your computer to boot from the CD,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Remove the check mark at "Automatically Load All Remaining Users" if it is set.

• OTL should now start.
Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
• Press Run Scan to start the scan.
• When it is finished, the files will be saved in C:\otl.txt
• Copy this folder to your USB stick if you have no Internet connection on this system.
post both logs

20.05.2013, 19:37   #5
Ockenator
 

OTL Logfile:
Code:
OTL logfile created on: 5/20/2013 9:21:48 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 817.00 Mb Available Physical Memory | 81.00% Memory free
902.00 Mb Paging File | 844.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 59.05 Gb Total Space | 21.10 Gb Free Space | 35.73% Space Free | Partition Type: NTFS
Drive D: | 83.00 Gb Total Space | 20.33 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
Drive E: | 3.78 Gb Total Space | 3.73 Gb Free Space | 98.88% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (HidServ)
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2012/11/28 05:33:11 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/09 06:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/26 12:06:12 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/03 04:44:46 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2012/05/08 12:43:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 12:43:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/03 08:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/04/30 15:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/05/19 13:39:46 | 000,066,792 | ---- | M] (SRS Labs, Inc.) [Auto] -- C:\Programme\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe -- (SRS_WOWXT_Service)
SRV - [2007/12/05 06:34:52 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/11/26 08:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/06/27 12:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2013/04/03 03:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2013/04/03 03:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012/06/03 04:44:46 | 000,005,504 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012/05/08 12:43:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 12:43:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/05/03 08:07:08 | 000,526,608 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/04/30 15:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/01/09 12:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/09 12:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/01/09 12:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/09/16 11:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2009/10/08 11:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/28 19:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/07/01 05:50:00 | 000,237,952 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VMC33F.sys -- (VMC33F)
DRV - [2009/06/18 23:48:12 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/06/18 23:48:06 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/06/04 01:05:26 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/23 02:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/05/18 13:27:10 | 000,233,512 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/05/01 09:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CryptOSD.sys -- (CryptOSD)
DRV - [2009/04/15 21:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/02/06 12:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/05 23:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/24 20:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/02/04 20:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/11/26 08:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 08:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 08:54:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007/11/26 08:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/01/04 18:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/10/27 00:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Ockenator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKU\Ockenator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX:  File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\pdf xchange viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\pdf xchange viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Programme\Comodo\HopSurfToolbar\hopsurfext_ff3_5
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012/05/23 00:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/09/26 12:06:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/01/29 13:46:27 | 000,000,000 | ---D | M]
 
[2012/02/18 15:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/09/26 12:06:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[1999/12/31 11:00:00 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/09/26 12:06:06 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/26 12:06:06 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/09/26 12:06:06 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/26 12:06:06 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/26 12:06:06 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/26 12:06:06 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} -  File not found
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -  File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Programme\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [MagicKeyboard]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SUPBackground]  File not found
O4 - HKLM..\Run: [UserFaultCheck]  File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\Ockenator_ON_C..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\Ockenator_ON_C..\Run: [BatteryLifeExtender]  File not found
O4 - HKU\Ockenator_ON_C..\Run: [KiesAirMessage]  File not found
O4 - HKU\Ockenator_ON_C..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\Ockenator_ON_C..\Run: [Spotify] C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\Ockenator_ON_C..\Run: [Spotify Web Helper] C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\Ockenator_ON_C..\Run: [SpriteService]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Ockenator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\goxvqtks\oupibttg.exe) -  File not found
O20 - HKU\Ockenator_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Ockenator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/05 09:27:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/18 05:36:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/18 05:31:54 | 000,000,000 | ---D | C] -- C:\8a7819e540a0dc55a5069c
[2013/05/12 13:45:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Eigene Dateien\SelfMV
[2013/05/12 13:32:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Eigene Dateien\Handykontakte
[2013/05/12 13:28:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\CrashDump
[2013/05/12 13:25:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\NativeFus_Log
[2013/05/12 13:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\Samsung
[2013/05/12 13:24:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Samsung
[2013/05/12 13:24:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Eigene Dateien\samsung
[2013/05/12 13:11:59 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2013/05/12 13:09:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2013/05/12 13:05:27 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys
[2013/05/12 13:05:25 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys
[2013/05/12 13:01:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MyFree Codec
[2013/05/12 13:01:45 | 000,000,000 | ---D | C] -- C:\Programme\MyFree Codec
[2013/05/12 12:58:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Samsung
[2013/05/12 12:58:25 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2013/05/12 12:58:19 | 000,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013/05/12 12:55:51 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2013/05/12 12:55:51 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2013/05/12 12:53:22 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2
[2013/05/12 12:48:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2013/05/12 12:40:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Ockenator\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Ockenator\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/18 07:30:25 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.ini
[2013/05/18 07:29:28 | 000,000,261 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2013/05/18 07:26:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/18 07:26:15 | 1063,636,992 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/18 07:20:25 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/18 05:30:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/18 05:01:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/13 15:49:09 | 000,680,482 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Desktop\Case study.pdf
[2013/05/12 16:41:48 | 000,093,568 | ---- | M] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2013/05/12 14:09:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/05/12 14:09:15 | 000,193,536 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/12 13:23:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013/05/12 13:11:58 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Desktop\Windows Media Player.lnk
[2013/05/12 13:06:51 | 000,001,607 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung Kies (Lite).lnk
[2013/05/12 13:06:51 | 000,001,597 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung Kies.lnk
[2013/05/12 13:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MyFree Codec
[2013/05/12 12:58:50 | 000,001,625 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/05/12 12:58:50 | 000,001,615 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/05/12 12:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Samsung
[2013/05/12 12:55:49 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/05/12 12:55:49 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/05/12 12:40:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/05/07 00:27:17 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Ockenator\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Ockenator\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/15 09:01:37 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.ini
[2013/05/13 15:49:07 | 000,680,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Desktop\Case study.pdf
[2013/05/12 16:41:48 | 000,093,568 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2013/05/12 13:23:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013/05/12 13:11:57 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Desktop\Windows Media Player.lnk
[2013/05/12 13:06:51 | 000,001,607 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung Kies (Lite).lnk
[2013/05/12 13:06:51 | 000,001,597 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung Kies.lnk
[2013/05/12 12:58:50 | 000,001,625 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013/05/12 12:58:49 | 000,001,615 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013/05/12 12:40:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2013/04/18 13:07:00 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013/04/18 13:06:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013/04/18 13:06:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/04/18 13:06:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/04/18 13:06:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/10/13 11:20:21 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/05/07 12:28:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/27 05:37:53 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2012/02/27 05:37:53 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2012/02/16 02:28:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 22:51:11 | 000,001,011 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/01/03 23:15:37 | 000,000,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\setup64
[2011/06/20 16:47:41 | 000,003,669 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\.recently-used.xbel
[2010/05/31 16:08:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/01/11 17:16:41 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/19 18:12:23 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\$_hpcst$.hpc
[2009/11/12 08:37:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/10/13 16:54:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/10/13 16:54:02 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/10/09 06:47:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/09 06:47:01 | 000,193,536 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/09 06:05:15 | 000,000,261 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/10/08 23:35:33 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Ockenator_KBD.ini
[2009/10/08 18:52:10 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/10/08 18:46:35 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.12.111745.560_XP_Vista_x32.INI
[2009/10/08 18:41:29 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/10/08 18:31:36 | 000,000,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\RSTable.dat
[2009/10/08 18:31:35 | 000,000,652 | ---- | C] () -- C:\WINDOWS\System32\drivers\scdskr01.dat
[2009/10/08 18:31:35 | 000,000,436 | ---- | C] () -- C:\WINDOWS\System32\drivers\scdhkr01.dat
[2009/10/08 18:31:35 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\drivers\scdstr01.dat
[2009/10/08 18:28:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/06 03:16:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/05 19:35:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/05 18:01:43 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/08/05 18:01:34 | 000,449,842 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009/08/05 18:01:34 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009/08/05 18:01:34 | 000,081,314 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009/08/05 18:01:34 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009/08/05 18:01:26 | 000,433,470 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/05 18:01:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/05 18:01:26 | 000,068,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/05 18:01:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/05 18:01:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/05 18:01:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/05 18:01:25 | 000,122,368 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat
[2009/08/05 18:01:25 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/05 18:01:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/05 18:01:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/05 18:01:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/05 18:01:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/05 18:01:19 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/08/05 10:47:17 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SetDisplayResolution.exe
[2009/08/05 10:19:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/05 10:18:56 | 000,157,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/05 09:40:45 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/08/05 09:40:45 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Besitzer_KBD.ini
[2009/08/05 09:40:42 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/08/05 09:40:42 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/08/05 09:40:42 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/08/05 09:40:42 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/08/05 09:40:42 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/08/05 09:40:42 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/08/05 09:40:42 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/08/05 09:40:42 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/08/05 09:40:42 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/08/05 09:40:42 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/08/05 09:40:42 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/08/05 09:40:42 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/08/05 09:40:42 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/08/05 09:40:42 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/08/05 09:40:42 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/08/05 09:40:42 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/08/05 09:40:42 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/08/05 09:35:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini
[2009/08/05 09:34:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/08/05 09:34:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/08/05 09:34:05 | 000,233,512 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/08/05 09:31:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Marker.exe
[2009/08/05 09:31:31 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/08/05 09:29:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/05 09:25:18 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/20 04:15:04 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/05/01 10:24:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\osdauth.dat
[2009/05/01 09:41:06 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\OSDSig.dat
[2008/12/19 10:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/26 10:49:12 | 006,139,774 | ---- | C] () -- C:\WINDOWS\imagine digital freedom.dat
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009/08/05 19:28:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2012/06/26 15:31:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Adguhi
[2010/12/07 18:36:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Amazon
[2012/07/20 15:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Buqiir
[2012/07/22 14:30:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Caito
[2012/10/13 11:21:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Canneverbe Limited
[2010/06/20 13:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Canon
[2012/05/12 07:36:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\CheckPoint
[2012/07/20 15:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Daogf
[2009/10/13 16:54:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\DonationCoder
[2012/01/16 12:48:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Dropbox
[2012/09/03 14:42:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\elsterformular
[2011/06/20 16:46:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\gtk-2.0
[2012/06/26 15:31:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Puokag
[2012/08/14 06:35:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Qamey
[2013/05/12 13:24:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Samsung
[2013/05/15 14:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Spotify
[2009/11/19 18:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Sprite PC Agent
[2009/11/19 18:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Sprite Setup Wizard
[2009/11/19 18:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Sprite Software
[2012/02/02 15:46:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\uTorrent
[2012/10/13 11:21:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2009/10/09 07:36:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010/06/16 18:29:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV
[2010/06/20 13:55:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2012/05/12 07:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012/02/19 18:25:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CPA_VA
[2009/10/13 16:53:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DonationCoder
[2012/09/03 14:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009/10/09 06:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2012/02/18 18:50:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nF38702JjNdL38702
[2013/05/12 13:02:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SAMSUNG
[2009/10/08 23:37:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2009/10/09 09:55:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinClon
[2009/08/05 09:34:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLAN
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2013/05/18 05:31:55 | 000,000,000 | ---D | M] -- C:\8a7819e540a0dc55a5069c
[2013/05/18 05:37:32 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011/02/27 11:25:35 | 000,000,000 | R--D | M] -- C:\Damien Rice
[2010/03/19 10:08:40 | 000,000,000 | ---D | M] -- C:\DirectX
[2009/10/08 23:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010/12/16 19:58:38 | 000,000,000 | ---D | M] -- C:\Ey mann wo is mein Auto
[2009/08/05 09:31:57 | 000,000,000 | ---D | M] -- C:\Intel
[2013/05/12 13:01:45 | 000,000,000 | R--D | M] -- C:\Programme
[2009/10/09 00:08:38 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2013/03/24 12:35:23 | 000,000,000 | ---D | M] -- C:\sd karte
[2012/09/24 16:39:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013/02/18 15:53:33 | 000,000,000 | ---D | M] -- C:\Temp
[2013/05/18 07:27:42 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2010/11/11 08:08:46 | 000,000,000 | ---D | M] -- C:\Wohnung
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
[2008/04/29 11:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Programme\CheckPoint\ZAForceField\Heuristics\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 08:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 08:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008/04/14 08:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008/04/14 08:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
[2008/07/01 09:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Programme\CheckPoint\ZAForceField\Heuristics\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/04/14 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008/04/14 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009/08/05 11:18:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/08/05 11:18:33 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/08/05 11:18:33 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2013/03/01 21:53:29 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2013/03/01 21:53:30 | 002,004,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/14 08:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 08:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2012/06/08 10:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         
--- --- ---


20.05.2013, 20:00   #6
markusg
/// Malware-holic
 



On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:
ATTFilter
:OTL
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\goxvqtks\oupibttg.exe) -  File not found
O20 - HKU\Ockenator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat
()
[2013/05/18 07:30:25 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.ini
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.


If you have no icons, right-click, View, show desktop icons.

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!


Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.
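
The two O20 entries in the fix above are Winlogon UserInit and Shell values that point into the user's profile instead of the Windows directory. The following Python script is an added example, not part of the original post and not OTL's own logic: it applies a few heuristics (the reason constants and function names are assumptions of this example) to O20 Winlogon lines in the format shown on this page. The two benign sample lines are constructed, and the defaults assume %SystemRoot% = C:\WINDOWS as in the log.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# O20 line shape as it appears in the OTL fix on this page:
#   O20 - <hive> Winlogon: <value> - (<configured target>) - <resolved file | File not found>
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<target>.*)\) -\s*(?P<resolved>.*)$"
)

# Stock Windows XP values (assumes Windows is installed in C:\WINDOWS).
EXPECTED = {
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}
# User-writable profile roots (German XP, English XP, Vista and later).
PROFILE_ROOTS = ("\\dokumente und einstellungen\\", "\\documents and settings\\", "\\users\\")

# Heuristic labels used by this example.
NON_DEFAULT = "non-default target"
IN_PROFILE = "target inside a user profile"
NOT_EXE = "target does not end in .exe"
PER_USER_SHELL = "per-user Shell override"
MISSING = "target file missing"


class Finding(NamedTuple):
    hive: str
    value: str
    target: str
    reasons: List[str]


def check_o20_line(line: str) -> Optional[Finding]:
    """Return a Finding if a Winlogon Shell/UserInit line looks abnormal, else None."""
    m = O20_RE.match(line.strip())
    if m is None:
        return None
    value = m["value"].lower()
    if value not in EXPECTED:
        return None

    reasons: List[str] = []

    def add(reason: str) -> None:
        if reason not in reasons:
            reasons.append(reason)

    # UserInit may hold a comma-separated list; check every entry.
    for target in (t.strip() for t in m["target"].split(",")):
        if not target:
            continue
        low = target.lower()
        if low in EXPECTED[value]:
            continue
        add(NON_DEFAULT)
        if any(root in low for root in PROFILE_ROOTS):
            add(IN_PROFILE)
        if ntpath.splitext(low)[1] != ".exe":
            add(NOT_EXE)

    # A stock system defines Shell only under HKLM, not per user.
    if value == "shell" and m["hive"].upper().startswith(("HKU", "HKCU")):
        add(PER_USER_SHELL)
    # The registry still references a binary that is gone from disk.
    if reasons and m["resolved"].strip().lower().startswith("file not found"):
        add(MISSING)

    if not reasons:
        return None
    return Finding(m["hive"], m["value"], m["target"], reasons)


def scan_log(text: str) -> List[Finding]:
    """Check every line of an OTL log or fix script; non-O20 lines are ignored."""
    return [f for f in map(check_o20_line, text.splitlines()) if f is not None]


# First two lines: constructed benign entries. Last two: the entries from the fix on this page.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\goxvqtks\oupibttg.exe) -  File not found
O20 - HKU\Ockenator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding.hive} {finding.value}: {finding.target}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```
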

20.05.2013, 22:20   #7
Ockenator
 



Error: Unable to interpret <OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/20/2013 9:21:48 PM - Run > in the current context!
Error: Unable to interpret <OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE> in the current context!
Error: Unable to interpret <Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.6001.18702)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <1,014.00 Mb Total Physical Memory | 817.00 Mb Available Physical Memory | 81.00% Memory free> in the current context!
Error: Unable to interpret <902.00 Mb Paging File | 844.00 Mb Available in Paging File | 94.00% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme> in the current context!
Error: Unable to interpret <Drive C: | 59.05 Gb Total Space | 21.10 Gb Free Space | 35.73% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 83.00 Gb Total Space | 20.33 Gb Free Space | 24.49% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive E: | 3.78 Gb Total Space | 3.73 Gb Free Space | 98.88% Space Free | Partition Type: FAT32> in the current context!
Error: Unable to interpret <Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: REATOGO | User Name: SYSTEM> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret <Using ControlSet: ControlSet003> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - File not found [Disabled] --  -- (HidServ)> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand] --  -- (AppMgmt)> in the current context!
Error: Unable to interpret <SRV - [2012/11/28 05:33:11 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)> in the current context!
Error: Unable to interpret <SRV - [2012/11/09 06:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)> in the current context!
Error: Unable to interpret <SRV - [2012/09/26 12:06:12 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)> in the current context!
Error: Unable to interpret <SRV - [2012/06/03 04:44:46 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)> in the current context!
Error: Unable to interpret <SRV - [2012/05/08 12:43:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)> in the current context!
Error: Unable to interpret <SRV - [2012/05/08 12:43:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)> in the current context!
Error: Unable to interpret <SRV - [2012/05/03 08:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)> in the current context!
Error: Unable to interpret <SRV - [2012/04/30 15:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)> in the current context!
Error: Unable to interpret <SRV - [2009/05/19 13:39:46 | 000,066,792 | ---- | M] (SRS Labs, Inc.) [Auto] -- C:\Programme\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe -- (SRS_WOWXT_Service)> in the current context!
Error: Unable to interpret <SRV - [2007/12/05 06:34:52 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)> in the current context!
Error: Unable to interpret <SRV - [2007/11/26 08:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)> in the current context!
Error: Unable to interpret <SRV - [2007/06/27 12:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (WDICA)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] --  -- (PCIDump)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] --  -- (lbrtfdc)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] --  -- (i2omgmt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System] --  -- (Changer)> in the current context!
Error: Unable to interpret <DRV - [2013/04/03 03:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)> in the current context!
Error: Unable to interpret <DRV - [2013/04/03 03:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)> in the current context!
Error: Unable to interpret <DRV - [2012/06/03 04:44:46 | 000,005,504 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)> in the current context!
Error: Unable to interpret <DRV - [2012/05/08 12:43:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)> in the current context!
Error: Unable to interpret <DRV - [2012/05/08 12:43:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)> in the current context!
Error: Unable to interpret <DRV - [2012/05/03 08:07:08 | 000,526,608 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)> in the current context!
Error: Unable to interpret <DRV - [2012/04/30 15:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)> in the current context!
Error: Unable to interpret <DRV - [2012/01/09 12:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)> in the current context!
Error: Unable to interpret <DRV - [2012/01/09 12:59:30 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)> in the current context!
Error: Unable to interpret <DRV - [2012/01/09 12:59:30 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)> in the current context!
Error: Unable to interpret <DRV - [2011/09/16 11:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)> in the current context!
Error: Unable to interpret <DRV - [2009/10/08 11:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)> in the current context!
Error: Unable to interpret <DRV - [2009/07/28 19:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)> in the current context!
Error: Unable to interpret <DRV - [2009/07/01 05:50:00 | 000,237,952 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VMC33F.sys -- (VMC33F)> in the current context!
Error: Unable to interpret <DRV - [2009/06/18 23:48:12 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)> in the current context!
Error: Unable to interpret <DRV - [2009/06/18 23:48:06 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)> in the current context!
Error: Unable to interpret <DRV - [2009/06/04 01:05:26 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)> in the current context!
Error: Unable to interpret <DRV - [2009/05/23 02:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)> in the current context!
Error: Unable to interpret <DRV - [2009/05/18 13:27:10 | 000,233,512 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)> in the current context!
Error: Unable to interpret <DRV - [2009/05/01 09:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CryptOSD.sys -- (CryptOSD)> in the current context!
Error: Unable to interpret <DRV - [2009/04/15 21:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)> in the current context!
Error: Unable to interpret <DRV - [2009/02/06 12:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)> in the current context!
Error: Unable to interpret <DRV - [2008/08/05 23:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)> in the current context!
Error: Unable to interpret <DRV - [2008/07/24 20:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)> in the current context!
Error: Unable to interpret <DRV - [2008/02/04 20:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)> in the current context!
Error: Unable to interpret <DRV - [2007/11/26 08:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)> in the current context!
Error: Unable to interpret <DRV - [2007/11/26 08:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)> in the current context!
Error: Unable to interpret <DRV - [2007/11/26 08:54:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)> in the current context!
Error: Unable to interpret <DRV - [2007/11/26 08:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)> in the current context!
Error: Unable to interpret <DRV - [2006/01/04 18:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)> in the current context!
Error: Unable to interpret <DRV - [2005/10/27 00:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\Ockenator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN> in the current context!
Error: Unable to interpret <IE - HKU\Ockenator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX:  File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0:  File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\pdf xchange viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\pdf xchange viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1DA0528B-1DD8-4167-BFAF-E0EF94939F93}: C:\Programme\Comodo\HopSurfToolbar\hopsurfext_ff3_5> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012/05/23 00:30:07 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/09/26 12:06:15 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/01/29 13:46:27 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012/02/18 15:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2012/09/26 12:06:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll> in the current context!
Error: Unable to interpret <[1999/12/31 11:00:00 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll> in the current context!
Error: Unable to interpret <[2012/09/26 12:06:06 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context!
Error: Unable to interpret <[2012/09/26 12:06:06 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml> in the current context!
Error: Unable to interpret <[2012/09/26 12:06:06 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml> in the current context!
Error: Unable to interpret <[2012/09/26 12:06:06 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context!
Error: Unable to interpret <[2012/09/26 12:06:06 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context!
Error: Unable to interpret <[2012/09/26 12:06:06 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1       localhost> in the current context!
Error: Unable to interpret <O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD)> in the current context!
Error: Unable to interpret <O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} -  File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -  File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)> in the current context!
Error: Unable to interpret <O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -  File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll (Montera Technologeis LTD)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [LGODDFU] C:\Programme\lg_fwupdate\fwupdate.exe (BL)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MagicKeyboard]  File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SUPBackground]  File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [UserFaultCheck]  File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)> in the current context!
Error: Unable to interpret <O4 - HKU\Ockenator_ON_C..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)> in the current context!
Error: Unable to interpret <O4 - HKU\Ockenator_ON_C..\Run: [BatteryLifeExtender]  File not found> in the current context!
Error: Unable to interpret <O4 - HKU\Ockenator_ON_C..\Run: [KiesAirMessage]  File not found> in the current context!
Error: Unable to interpret <O4 - HKU\Ockenator_ON_C..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung)> in the current context!
Error: Unable to interpret <O4 - HKU\Ockenator_ON_C..\Run: [Spotify] C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Spotify\Spotify.exe (Spotify Ltd)> in the current context!
Error: Unable to interpret <O4 - HKU\Ockenator_ON_C..\Run: [Spotify Web Helper] C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)> in the current context!
Error: Unable to interpret <O4 - HKU\Ockenator_ON_C..\Run: [SpriteService]  File not found> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\Ockenator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()> in the current context!
Error: Unable to interpret <O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)> in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\goxvqtks\oupibttg.exe) -  File not found> in the current context!
Error: Unable to interpret <O20 - HKU\Ockenator_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKU\Ockenator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat) - C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat ()> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2009/08/05 09:27:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *) -  File not found> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)> in the current context!
Error: Unable to interpret <ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"> in the current context!
Error: Unable to interpret <ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player> in the current context!
Error: Unable to interpret <ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4> in the current context!
Error: Unable to interpret <ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation> in the current context!
Error: Unable to interpret <ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> in the current context!
Error: Unable to interpret <ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java> in the current context!
Error: Unable to interpret <ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack> in the current context!
Error: Unable to interpret <ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe> in the current context!
Error: Unable to interpret <ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring> in the current context!
Error: Unable to interpret <ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> in the current context!
Error: Unable to interpret <ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> in the current context!
Error: Unable to interpret <ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow> in the current context!
Error: Unable to interpret <ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx> in the current context!
Error: Unable to interpret <ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help> in the current context!
Error: Unable to interpret <ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes> in the current context!
Error: Unable to interpret <ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7> in the current context!
Error: Unable to interpret <ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> in the current context!
Error: Unable to interpret <ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW> in the current context!
Error: Unable to interpret <ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools> in the current context!
Error: Unable to interpret <ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements> in the current context!
Error: Unable to interpret <ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player> in the current context!
Error: Unable to interpret <ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access> in the current context!
Error: Unable to interpret <ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders> in the current context!
Error: Unable to interpret <ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> in the current context!
Error: Unable to interpret <ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll> in the current context!
Error: Unable to interpret <ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> in the current context!
Error: Unable to interpret <ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install> in the current context!
Error: Unable to interpret <ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding> in the current context!
Error: Unable to interpret <ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - > in the current context!
Error: Unable to interpret <ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework> in the current context!
Error: Unable to interpret <ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate> in the current context!
Error: Unable to interpret <ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts> in the current context!
Error: Unable to interpret <ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner> in the current context!
Error: Unable to interpret <ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1> in the current context!
Error: Unable to interpret <ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player> in the current context!
Error: Unable to interpret <ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help> in the current context!
Error: Unable to interpret <ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface> in the current context!
Error: Unable to interpret <ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe> in the current context!
Error: Unable to interpret <ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP> in the current context!
Error: Unable to interpret <ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> in the current context!
Error: Unable to interpret <ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> in the current context!
Error: Unable to interpret <ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <NetSvcs: 6to4 -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: AppMgmt -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: HidServ -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: Ias -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: Iprip -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: Irmon -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: NWCWorkstation -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: Nwsapagent -  File not found> in the current context!
Error: Unable to interpret <NetSvcs: WmdmPmSp -  File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2013/05/18 05:36:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi> in the current context!
Error: Unable to interpret <[2013/05/18 05:31:54 | 000,000,000 | ---D | C] -- C:\8a7819e540a0dc55a5069c> in the current context!
Error: Unable to interpret <[2013/05/12 13:45:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Eigene Dateien\SelfMV> in the current context!
Error: Unable to interpret <[2013/05/12 13:32:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Eigene Dateien\Handykontakte> in the current context!
Error: Unable to interpret <[2013/05/12 13:28:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\CrashDump> in the current context!
Error: Unable to interpret <[2013/05/12 13:25:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\NativeFus_Log> in the current context!
Error: Unable to interpret <[2013/05/12 13:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\Samsung> in the current context!
Error: Unable to interpret <[2013/05/12 13:24:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Samsung> in the current context!
Error: Unable to interpret <[2013/05/12 13:24:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Eigene Dateien\samsung> in the current context!
Error: Unable to interpret <[2013/05/12 13:11:59 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos> in the current context!
Error: Unable to interpret <[2013/05/12 13:09:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage> in the current context!
Error: Unable to interpret <[2013/05/12 13:05:27 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys> in the current context!
Error: Unable to interpret <[2013/05/12 13:05:25 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys> in the current context!
Error: Unable to interpret <[2013/05/12 13:01:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MyFree Codec> in the current context!
Error: Unable to interpret <[2013/05/12 13:01:45 | 000,000,000 | ---D | C] -- C:\Programme\MyFree Codec> in the current context!
Error: Unable to interpret <[2013/05/12 12:58:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Samsung> in the current context!
Error: Unable to interpret <[2013/05/12 12:58:25 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll> in the current context!
Error: Unable to interpret <[2013/05/12 12:58:19 | 000,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll> in the current context!
Error: Unable to interpret <[2013/05/12 12:55:51 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll> in the current context!
Error: Unable to interpret <[2013/05/12 12:55:51 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys> in the current context!
Error: Unable to interpret <[2013/05/12 12:53:22 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2> in the current context!
Error: Unable to interpret <[2013/05/12 12:48:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations> in the current context!
Error: Unable to interpret <[2013/05/12 12:40:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF> in the current context!
Error: Unable to interpret <[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll> in the current context!
Error: Unable to interpret <[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Dokumente und Einstellungen\Ockenator\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Ockenator\Desktop\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2013/05/18 07:30:25 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.ini> in the current context!
Error: Unable to interpret <[2013/05/18 07:29:28 | 000,000,261 | ---- | M] () -- C:\WINDOWS\lgfwup.ini> in the current context!
Error: Unable to interpret <[2013/05/18 07:26:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2013/05/18 07:26:15 | 1063,636,992 | -HS- | M] () -- C:\hiberfil.sys> in the current context!
Error: Unable to interpret <[2013/05/18 07:20:25 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2013/05/18 05:30:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK> in the current context!
Error: Unable to interpret <[2013/05/18 05:01:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context!
Error: Unable to interpret <[2013/05/13 15:49:09 | 000,680,482 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Desktop\Case study.pdf> in the current context!
Error: Unable to interpret <[2013/05/12 16:41:48 | 000,093,568 | ---- | M] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat> in the current context!
Error: Unable to interpret <[2013/05/12 14:09:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini> in the current context!
Error: Unable to interpret <[2013/05/12 14:09:15 | 000,193,536 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2013/05/12 13:23:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf> in the current context!
Error: Unable to interpret <[2013/05/12 13:11:58 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Desktop\Windows Media Player.lnk> in the current context!
Error: Unable to interpret <[2013/05/12 13:06:51 | 000,001,607 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung Kies (Lite).lnk> in the current context!
Error: Unable to interpret <[2013/05/12 13:06:51 | 000,001,597 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung Kies.lnk> in the current context!
Error: Unable to interpret <[2013/05/12 13:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MyFree Codec> in the current context!
Error: Unable to interpret <[2013/05/12 12:58:50 | 000,001,625 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk> in the current context!
Error: Unable to interpret <[2013/05/12 12:58:50 | 000,001,615 | ---- | M] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk> in the current context!
Error: Unable to interpret <[2013/05/12 12:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Samsung> in the current context!
Error: Unable to interpret <[2013/05/12 12:55:49 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb> in the current context!
Error: Unable to interpret <[2013/05/12 12:55:49 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb> in the current context!
Error: Unable to interpret <[2013/05/12 12:40:33 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf> in the current context!
Error: Unable to interpret <[2013/05/07 00:27:17 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll> in the current context!
Error: Unable to interpret <[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Dokumente und Einstellungen\Ockenator\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Ockenator\Desktop\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2013/05/15 09:01:37 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.ini> in the current context!
Error: Unable to interpret <[2013/05/13 15:49:07 | 000,680,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Desktop\Case study.pdf> in the current context!
Error: Unable to interpret <[2013/05/12 16:41:48 | 000,093,568 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat> in the current context!
Error: Unable to interpret <[2013/05/12 13:23:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf> in the current context!
Error: Unable to interpret <[2013/05/12 13:11:57 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Desktop\Windows Media Player.lnk> in the current context!
Error: Unable to interpret <[2013/05/12 13:06:51 | 000,001,607 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung Kies (Lite).lnk> in the current context!
Error: Unable to interpret <[2013/05/12 13:06:51 | 000,001,597 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Samsung Kies.lnk> in the current context!
Error: Unable to interpret <[2013/05/12 12:58:50 | 000,001,625 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk> in the current context!
Error: Unable to interpret <[2013/05/12 12:58:49 | 000,001,615 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk> in the current context!
Error: Unable to interpret <[2013/05/12 12:40:33 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf> in the current context!
Error: Unable to interpret <[2013/04/18 13:07:00 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe> in the current context!
Error: Unable to interpret <[2013/04/18 13:06:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll> in the current context!
Error: Unable to interpret <[2013/04/18 13:06:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll> in the current context!
Error: Unable to interpret <[2013/04/18 13:06:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll> in the current context!
Error: Unable to interpret <[2013/04/18 13:06:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll> in the current context!
Error: Unable to interpret <[2012/10/13 11:20:21 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys> in the current context!
Error: Unable to interpret <[2012/05/07 12:28:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat> in the current context!
Error: Unable to interpret <[2012/02/27 05:37:53 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini> in the current context!
Error: Unable to interpret <[2012/02/27 05:37:53 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini> in the current context!
Error: Unable to interpret <[2012/02/16 02:28:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll> in the current context!
Error: Unable to interpret <[2012/01/11 22:51:11 | 000,001,011 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI> in the current context!
Error: Unable to interpret <[2012/01/03 23:15:37 | 000,000,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\setup64> in the current context!
Error: Unable to interpret <[2011/06/20 16:47:41 | 000,003,669 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\.recently-used.xbel> in the current context!
Error: Unable to interpret <[2010/05/31 16:08:40 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll> in the current context!
Error: Unable to interpret <[2010/01/11 17:16:41 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI> in the current context!
Error: Unable to interpret <[2009/11/19 18:12:23 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\$_hpcst$.hpc> in the current context!
Error: Unable to interpret <[2009/11/12 08:37:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI> in the current context!
Error: Unable to interpret <[2009/10/13 16:54:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat> in the current context!
Error: Unable to interpret <[2009/10/13 16:54:02 | 000,000,058 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\DonationCoder_ScreenshotCaptor_InstallInfo.dat> in the current context!
Error: Unable to interpret <[2009/10/09 06:47:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini> in the current context!
Error: Unable to interpret <[2009/10/09 06:47:01 | 000,193,536 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2009/10/09 06:05:15 | 000,000,261 | ---- | C] () -- C:\WINDOWS\lgfwup.ini> in the current context!
Error: Unable to interpret <[2009/10/08 23:35:33 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Ockenator_KBD.ini> in the current context!
Error: Unable to interpret <[2009/10/08 18:52:10 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat> in the current context!
Error: Unable to interpret <[2009/10/08 18:46:35 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.12.111745.560_XP_Vista_x32.INI> in the current context!
Error: Unable to interpret <[2009/10/08 18:41:29 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat> in the current context!
Error: Unable to interpret <[2009/10/08 18:31:36 | 000,000,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\RSTable.dat> in the current context!
Error: Unable to interpret <[2009/10/08 18:31:35 | 000,000,652 | ---- | C] () -- C:\WINDOWS\System32\drivers\scdskr01.dat> in the current context!
Error: Unable to interpret <[2009/10/08 18:31:35 | 000,000,436 | ---- | C] () -- C:\WINDOWS\System32\drivers\scdhkr01.dat> in the current context!
Error: Unable to interpret <[2009/10/08 18:31:35 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\drivers\scdstr01.dat> in the current context!
Error: Unable to interpret <[2009/10/08 18:28:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat> in the current context!
Error: Unable to interpret <[2009/10/06 03:16:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll> in the current context!
Error: Unable to interpret <[2009/08/05 19:35:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:43 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:34 | 000,449,842 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:34 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:34 | 000,081,314 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:34 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:26 | 000,433,470 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:26 | 000,068,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:25 | 000,122,368 | ---- | C] () -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:25 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat> in the current context!
Error: Unable to interpret <[2009/08/05 18:01:19 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin> in the current context!
Error: Unable to interpret <[2009/08/05 10:47:17 | 000,307,200 | ---- | C] () -- C:\WINDOWS\SetDisplayResolution.exe> in the current context!
Error: Unable to interpret <[2009/08/05 10:19:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI> in the current context!
Error: Unable to interpret <[2009/08/05 10:18:56 | 000,157,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:45 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:45 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Besitzer_KBD.ini> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:40:42 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI> in the current context!
Error: Unable to interpret <[2009/08/05 09:35:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini> in the current context!
Error: Unable to interpret <[2009/08/05 09:34:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll> in the current context!
Error: Unable to interpret <[2009/08/05 09:34:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll> in the current context!
Error: Unable to interpret <[2009/08/05 09:34:05 | 000,233,512 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys> in the current context!
Error: Unable to interpret <[2009/08/05 09:31:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\Marker.exe> in the current context!
Error: Unable to interpret <[2009/08/05 09:31:31 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS> in the current context!
Error: Unable to interpret <[2009/08/05 09:29:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2009/08/05 09:25:18 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat> in the current context!
Error: Unable to interpret <[2009/06/20 04:15:04 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll> in the current context!
Error: Unable to interpret <[2009/05/01 10:24:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\osdauth.dat> in the current context!
Error: Unable to interpret <[2009/05/01 09:41:06 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\OSDSig.dat> in the current context!
Error: Unable to interpret <[2008/12/19 10:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll> in the current context!
Error: Unable to interpret <[2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll> in the current context!
Error: Unable to interpret <[2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll> in the current context!
Error: Unable to interpret <[2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll> in the current context!
Error: Unable to interpret <[2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll> in the current context!
Error: Unable to interpret <[2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll> in the current context!
Error: Unable to interpret <[2007/02/26 10:49:12 | 006,139,774 | ---- | C] () -- C:\WINDOWS\imagine digital freedom.dat> in the current context!
Error: Unable to interpret <[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll> in the current context!
Error: Unable to interpret <[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2009/08/05 19:28:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore> in the current context!
Error: Unable to interpret <[2012/06/26 15:31:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Adguhi> in the current context!
Error: Unable to interpret <[2010/12/07 18:36:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Amazon> in the current context!
Error: Unable to interpret <[2012/07/20 15:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Buqiir> in the current context!
Error: Unable to interpret <[2012/07/22 14:30:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Caito> in the current context!
Error: Unable to interpret <[2012/10/13 11:21:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Canneverbe Limited> in the current context!
Error: Unable to interpret <[2010/06/20 13:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Canon> in the current context!
Error: Unable to interpret <[2012/05/12 07:36:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\CheckPoint> in the current context!
Error: Unable to interpret <[2012/07/20 15:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Daogf> in the current context!
Error: Unable to interpret <[2009/10/13 16:54:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\DonationCoder> in the current context!
Error: Unable to interpret <[2012/01/16 12:48:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Dropbox> in the current context!
Error: Unable to interpret <[2012/09/03 14:42:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\elsterformular> in the current context!
Error: Unable to interpret <[2011/06/20 16:46:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\gtk-2.0> in the current context!
Error: Unable to interpret <[2012/06/26 15:31:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Puokag> in the current context!
Error: Unable to interpret <[2012/08/14 06:35:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Qamey> in the current context!
Error: Unable to interpret <[2013/05/12 13:24:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Samsung> in the current context!
Error: Unable to interpret <[2013/05/15 14:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Spotify> in the current context!
Error: Unable to interpret <[2009/11/19 18:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Sprite PC Agent> in the current context!
Error: Unable to interpret <[2009/11/19 18:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Sprite Setup Wizard> in the current context!
Error: Unable to interpret <[2009/11/19 18:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\Sprite Software> in the current context!
Error: Unable to interpret <[2012/02/02 15:46:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\uTorrent> in the current context!
Error: Unable to interpret <[2012/10/13 11:21:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited> in the current context!
Error: Unable to interpret <[2009/10/09 07:36:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ> in the current context!
Error: Unable to interpret <[2010/06/16 18:29:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV> in the current context!
Error: Unable to interpret <[2010/06/20 13:55:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan> in the current context!
Error: Unable to interpret <[2012/05/12 07:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint> in the current context!
Error: Unable to interpret <[2012/02/19 18:25:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CPA_VA> in the current context!
Error: Unable to interpret <[2009/10/13 16:53:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DonationCoder> in the current context!
Error: Unable to interpret <[2012/09/03 14:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular> in the current context!
Error: Unable to interpret <[2009/10/09 06:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe> in the current context!
Error: Unable to interpret <[2012/02/18 18:50:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nF38702JjNdL38702> in the current context!
Error: Unable to interpret <[2013/05/12 13:02:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SAMSUNG> in the current context!
Error: Unable to interpret <[2009/10/08 23:37:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp> in the current context!
Error: Unable to interpret <[2009/10/09 09:55:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinClon> in the current context!
Error: Unable to interpret <[2009/08/05 09:34:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLAN> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Custom Scans ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\*. >> in the current context!
Error: Unable to interpret <[2013/05/18 05:31:55 | 000,000,000 | ---D | M] -- C:\8a7819e540a0dc55a5069c> in the current context!
Error: Unable to interpret <[2013/05/18 05:37:32 | 000,000,000 | -HSD | M] -- C:\Config.Msi> in the current context!
Error: Unable to interpret <[2011/02/27 11:25:35 | 000,000,000 | R--D | M] -- C:\Damien Rice> in the current context!
Error: Unable to interpret <[2010/03/19 10:08:40 | 000,000,000 | ---D | M] -- C:\DirectX> in the current context!
Error: Unable to interpret <[2009/10/08 23:35:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen> in the current context!
Error: Unable to interpret <[2010/12/16 19:58:38 | 000,000,000 | ---D | M] -- C:\Ey mann wo is mein Auto> in the current context!
Error: Unable to interpret <[2009/08/05 09:31:57 | 000,000,000 | ---D | M] -- C:\Intel> in the current context!
Error: Unable to interpret <[2013/05/12 13:01:45 | 000,000,000 | R--D | M] -- C:\Programme> in the current context!
Error: Unable to interpret <[2009/10/09 00:08:38 | 000,000,000 | -HSD | M] -- C:\RECYCLER> in the current context!
Error: Unable to interpret <[2013/03/24 12:35:23 | 000,000,000 | ---D | M] -- C:\sd karte> in the current context!
Error: Unable to interpret <[2012/09/24 16:39:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information> in the current context!
Error: Unable to interpret <[2013/02/18 15:53:33 | 000,000,000 | ---D | M] -- C:\Temp> in the current context!
Error: Unable to interpret <[2013/05/18 07:27:42 | 000,000,000 | ---D | M] -- C:\WINDOWS> in the current context!
Error: Unable to interpret <[2010/11/11 08:08:46 | 000,000,000 | ---D | M] -- C:\Wohnung> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %PROGRAMFILES%\*.exe >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Invalid Environment Variable: %LOCALAPPDATA%\*.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\*. /mp /s >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: AGP440.SYS  >> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: ATAPI.SYS  >> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys> in the current context!
Error: Unable to interpret <[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys> in the current context!
Error: Unable to interpret <[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: EVENTLOG.DLL  >> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: EXPLORER.EXE  >> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe> in the current context!
Error: Unable to interpret <[2008/04/29 11:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Programme\CheckPoint\ZAForceField\Heuristics\explorer.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: NETLOGON.DLL  >> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: SCECLI.DLL  >> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: USER32.DLL  >> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: USERINIT.EXE  >> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: WINLOGON.EXE  >> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe> in the current context!
Error: Unable to interpret <[2008/07/01 09:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Programme\CheckPoint\ZAForceField\Heuristics\winlogon.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << MD5 for: WS2IFSL.SYS  >> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\system32\drivers\*.sys /lockedfiles >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\System32\config\*.sav >> in the current context!
Error: Unable to interpret <[2009/08/05 11:18:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav> in the current context!
Error: Unable to interpret <[2009/08/05 11:18:33 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav> in the current context!
Error: Unable to interpret <[2009/08/05 11:18:33 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %systemroot%\system32\*.dll /lockedfiles >> in the current context!
Error: Unable to interpret <[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll> in the current context!
Error: Unable to interpret <[2013/03/01 21:53:29 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll> in the current context!
Error: Unable to interpret <[2013/03/01 21:53:30 | 002,004,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll> in the current context!
Error: Unable to interpret <[2008/04/14 08:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll> in the current context!
Error: Unable to interpret <[2012/06/08 10:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll> in the current context!
Error: Unable to interpret <[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Invalid Environment Variable: %USERPROFILE%\*.*> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe> in the current context!
Error: Unable to interpret << End of report >
         
--- --- ---
> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 05212013_011527

That apparently didn't work, did it :-( ?

Alt 20.05.2013, 22:51   #8
markusg
/// Malware-holic
 
Please read it again: you pasted the OTL log in, you did not use my script as the fix.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

Alt 21.05.2013, 18:07   #9
Ockenator
 
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Dokumente und Einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\goxvqtks\oupibttg.exe deleted successfully.
Registry value HKEY_USERS\Ockenator_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat deleted successfully.
C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.dat moved successfully.
C:\Dokumente und Einstellungen\Ockenator\Anwendungsdaten\skype.ini moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 7178631 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31969501 bytes

Total Files Cleaned = 37.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 05212013_220342

I couldn't load it directly from the fix.txt file, so I had to paste your fix into the OTL text window as it was.. is this now what you need?

Thanks in advance for your help - I really appreciate it!!

Alt 21.05.2013, 18:27   #10
markusg
/// Malware-holic
 
Hi
That fits.
Check whether you can get into normal mode, and continue with the upload.

Alt 21.05.2013, 18:51   #11
Ockenator
 
I was able to start in normal mode and have just uploaded the zip file via the upload channel.

Alt 21.05.2013, 18:56   #12
markusg
/// Malware-holic
 
Thanks.
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.

Alt 21.05.2013, 19:21   #13
Ockenator
 
23:15:41.0078 3052 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:15:41.0203 3052 ============================================================
23:15:41.0203 3052 Current date / time: 2013/05/21 23:15:41.0203
23:15:41.0203 3052 SystemInfo:
23:15:41.0203 3052
23:15:41.0203 3052 OS Version: 5.1.2600 ServicePack: 3.0
23:15:41.0203 3052 Product type: Workstation
23:15:41.0203 3052 ComputerName: MINI
23:15:41.0203 3052 UserName: Ockenator
23:15:41.0203 3052 Windows directory: C:\WINDOWS
23:15:41.0203 3052 System windows directory: C:\WINDOWS
23:15:41.0203 3052 Processor architecture: Intel x86
23:15:41.0203 3052 Number of processors: 2
23:15:41.0203 3052 Page size: 0x1000
23:15:41.0203 3052 Boot type: Normal boot
23:15:41.0203 3052 ============================================================
23:15:43.0265 3052 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:15:43.0281 3052 Drive \Device\Harddisk1\DR6 - Size: 0xF2800000 (3.79 Gb), SectorSize: 0x200, Cylinders: 0x1EE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:15:43.0296 3052 ============================================================
23:15:43.0296 3052 \Device\Harddisk0\DR0:
23:15:43.0312 3052 MBR partitions:
23:15:43.0312 3052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE00D12, BlocksNum 0x7617AEE
23:15:43.0312 3052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8418800, BlocksNum 0xA600800
23:15:43.0312 3052 \Device\Harddisk1\DR6:
23:15:43.0312 3052 MBR partitions:
23:15:43.0312 3052 \Device\Harddisk1\DR6\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x79182F
23:15:43.0312 3052 ============================================================
23:15:43.0343 3052 C: <-> \Device\Harddisk0\DR0\Partition1
23:15:43.0437 3052 D: <-> \Device\Harddisk0\DR0\Partition2
23:15:43.0437 3052 ============================================================
23:15:43.0437 3052 Initialize success
23:15:43.0437 3052 ============================================================
23:16:12.0515 3476 ============================================================
23:16:12.0515 3476 Scan started
23:16:12.0515 3476 Mode: Manual; SigCheck; TDLFS;
23:16:12.0515 3476 ============================================================
23:16:12.0843 3476 ================ Scan system memory ========================
23:16:12.0859 3476 System memory - ok
23:16:12.0859 3476 ================ Scan services =============================
23:16:13.0062 3476 Abiosdsk - ok
23:16:13.0078 3476 abp480n5 - ok
23:16:13.0125 3476 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:16:14.0375 3476 ACPI - ok
23:16:14.0421 3476 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:16:14.0687 3476 ACPIEC - ok
23:16:14.0703 3476 adpu160m - ok
23:16:14.0750 3476 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
23:16:15.0062 3476 aec - ok
23:16:15.0109 3476 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
23:16:15.0250 3476 AFD - ok
23:16:15.0250 3476 Aha154x - ok
23:16:15.0265 3476 aic78u2 - ok
23:16:15.0281 3476 aic78xx - ok
23:16:15.0312 3476 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
23:16:15.0578 3476 Alerter - ok
23:16:15.0625 3476 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
23:16:15.0812 3476 ALG - ok
23:16:15.0828 3476 AliIde - ok
23:16:15.0906 3476 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
23:16:16.0156 3476 Ambfilt - ok
23:16:16.0171 3476 amsint - ok
23:16:16.0281 3476 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
23:16:16.0484 3476 AntiVirSchedulerService - ok
23:16:16.0515 3476 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
23:16:16.0640 3476 AntiVirService - ok
23:16:16.0656 3476 AppMgmt - ok
23:16:16.0750 3476 [ 74AD200C4E5454A884D7C711B6A906CF ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
23:16:17.0015 3476 AR5416 - ok
23:16:17.0015 3476 asc - ok
23:16:17.0031 3476 asc3350p - ok
23:16:17.0031 3476 asc3550 - ok
23:16:17.0125 3476 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:16:17.0203 3476 aspnet_state - ok
23:16:17.0234 3476 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:16:17.0609 3476 AsyncMac - ok
23:16:17.0640 3476 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
23:16:17.0921 3476 atapi - ok
23:16:17.0921 3476 Atdisk - ok
23:16:17.0953 3476 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:16:18.0218 3476 Atmarpc - ok
23:16:18.0281 3476 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
23:16:18.0562 3476 AudioSrv - ok
23:16:18.0593 3476 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
23:16:18.0875 3476 audstub - ok
23:16:18.0906 3476 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:16:19.0015 3476 avgntflt - ok
23:16:19.0046 3476 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:16:19.0125 3476 avipbb - ok
23:16:19.0140 3476 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
23:16:19.0203 3476 avkmgr - ok
23:16:19.0265 3476 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
23:16:19.0531 3476 Beep - ok
23:16:19.0593 3476 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
23:16:19.0890 3476 BITS - ok
23:16:19.0937 3476 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
23:16:20.0359 3476 Browser - ok
23:16:20.0406 3476 [ D6407B9A012205E5754866E145165C29 ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
23:16:20.0500 3476 btaudio - ok
23:16:20.0515 3476 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
23:16:20.0593 3476 BTDriver - ok
23:16:20.0656 3476 [ 75130181FA2FD6CBE83083C5311ABE78 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
23:16:20.0781 3476 BTKRNL - ok
23:16:20.0843 3476 [ B90635B00D3D4D6EA8C21CCAF35BE55E ] btwdins C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
23:16:20.0953 3476 btwdins - ok
23:16:20.0984 3476 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
23:16:21.0062 3476 BTWDNDIS - ok
23:16:21.0093 3476 [ 1166CB501E1C34750A91600579EFEAB3 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
23:16:21.0156 3476 BTWUSB - ok
23:16:21.0203 3476 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
23:16:21.0515 3476 cbidf2k - ok
23:16:21.0578 3476 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:16:21.0875 3476 CCDECODE - ok
23:16:21.0875 3476 cd20xrnt - ok
23:16:21.0937 3476 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
23:16:22.0203 3476 Cdaudio - ok
23:16:22.0234 3476 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
23:16:22.0578 3476 Cdfs - ok
23:16:22.0625 3476 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:16:22.0937 3476 Cdrom - ok
23:16:22.0953 3476 Changer - ok
23:16:23.0000 3476 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
23:16:23.0281 3476 CiSvc - ok
23:16:23.0312 3476 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
23:16:23.0593 3476 ClipSrv - ok
23:16:23.0640 3476 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:16:23.0734 3476 clr_optimization_v2.0.50727_32 - ok
23:16:23.0765 3476 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:16:24.0031 3476 CmBatt - ok
23:16:24.0046 3476 CmdIde - ok
23:16:24.0062 3476 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:16:24.0343 3476 Compbatt - ok
23:16:24.0343 3476 COMSysApp - ok
23:16:24.0359 3476 Cpqarray - ok
23:16:24.0421 3476 [ C914D18AB66B132E9C73F19F8F805F1F ] CryptOSD C:\WINDOWS\system32\DRIVERS\CryptOSD.sys
23:16:24.0546 3476 CryptOSD - ok
23:16:24.0593 3476 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
23:16:24.0875 3476 CryptSvc - ok
23:16:24.0890 3476 dac2w2k - ok
23:16:24.0906 3476 dac960nt - ok
23:16:24.0968 3476 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
23:16:25.0140 3476 DcomLaunch - ok
23:16:25.0171 3476 [ B575C523F537F24D66D31F8877E6BCAB ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys
23:16:25.0296 3476 dg_ssudbus - ok
23:16:25.0328 3476 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
23:16:25.0625 3476 Dhcp - ok
23:16:25.0687 3476 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
23:16:25.0953 3476 Disk - ok
23:16:25.0968 3476 dmadmin - ok
23:16:26.0031 3476 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
23:16:26.0359 3476 dmboot - ok
23:16:26.0406 3476 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
23:16:26.0703 3476 dmio - ok
23:16:26.0750 3476 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
23:16:27.0031 3476 dmload - ok
23:16:27.0078 3476 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
23:16:27.0375 3476 dmserver - ok
23:16:27.0390 3476 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
23:16:27.0671 3476 DMusic - ok
23:16:27.0718 3476 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
23:16:27.0875 3476 Dnscache - ok
23:16:27.0921 3476 [ 8A4CB9438571814B128B6DC30D698064 ] DOSMEMIO C:\WINDOWS\system32\MEMIO.SYS
23:16:27.0953 3476 DOSMEMIO ( UnsignedFile.Multi.Generic ) - warning
23:16:27.0953 3476 DOSMEMIO - detected UnsignedFile.Multi.Generic (1)
23:16:27.0968 3476 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
23:16:28.0265 3476 Dot3svc - ok
23:16:28.0281 3476 dpti2o - ok
23:16:28.0312 3476 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
23:16:28.0640 3476 drmkaud - ok
23:16:28.0671 3476 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
23:16:28.0968 3476 EapHost - ok
23:16:29.0000 3476 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
23:16:29.0281 3476 ERSvc - ok
23:16:29.0328 3476 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
23:16:29.0406 3476 Eventlog - ok
23:16:29.0453 3476 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
23:16:29.0578 3476 EventSystem - ok
23:16:29.0609 3476 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
23:16:29.0890 3476 Fastfat - ok
23:16:29.0953 3476 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:16:30.0093 3476 FastUserSwitchingCompatibility - ok
23:16:30.0125 3476 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
23:16:30.0406 3476 Fdc - ok
23:16:30.0421 3476 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
23:16:30.0703 3476 Fips - ok
23:16:30.0750 3476 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
23:16:31.0015 3476 Flpydisk - ok
23:16:31.0078 3476 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:16:31.0359 3476 FltMgr - ok
23:16:31.0437 3476 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:16:31.0500 3476 FontCache3.0.0.0 - ok
23:16:31.0546 3476 [ 960F5E5E4E1F720465311AC68A99C2DF ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
23:16:31.0609 3476 fssfltr - ok
23:16:31.0687 3476 [ 9B1622EBEB31B3411B13382FFCB8737D ] fsssvc C:\Programme\Windows Live\Family Safety\fsssvc.exe
23:16:31.0781 3476 fsssvc - ok
23:16:31.0812 3476 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:16:32.0140 3476 Fs_Rec - ok
23:16:32.0187 3476 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:16:32.0484 3476 Ftdisk - ok
23:16:32.0531 3476 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:16:32.0812 3476 Gpc - ok
23:16:32.0859 3476 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:16:33.0140 3476 HDAudBus - ok
23:16:33.0218 3476 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:16:33.0515 3476 helpsvc - ok
23:16:33.0531 3476 HidServ - ok
23:16:33.0562 3476 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:16:33.0843 3476 HidUsb - ok
23:16:33.0890 3476 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
23:16:34.0156 3476 hkmsvc - ok
23:16:34.0171 3476 hpn - ok
23:16:34.0234 3476 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
23:16:34.0343 3476 HTTP - ok
23:16:34.0390 3476 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
23:16:34.0656 3476 HTTPFilter - ok
23:16:34.0656 3476 i2omgmt - ok
23:16:34.0671 3476 i2omp - ok
23:16:34.0718 3476 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:16:35.0046 3476 i8042prt - ok
23:16:35.0265 3476 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:16:35.0812 3476 ialm - ok
23:16:35.0890 3476 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:16:36.0031 3476 idsvc - ok
23:16:36.0062 3476 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
23:16:36.0343 3476 Imapi - ok
23:16:36.0406 3476 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
23:16:36.0687 3476 ImapiService - ok
23:16:36.0750 3476 [ B02A8A25192EE1C5E653628637AB6AAA ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys
23:16:36.0812 3476 InCDfs - ok
23:16:36.0843 3476 [ B49BD5B663E1AF9BF3233B782B70D865 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys
23:16:36.0906 3476 InCDPass - ok
23:16:36.0921 3476 [ 8FD364EDBD97983575CEE3E8909E62B4 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys
23:16:36.0968 3476 InCDrec - ok
23:16:37.0000 3476 [ FC04E827133D54AB79CA254708F76CD0 ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys
23:16:37.0062 3476 incdrm - ok
23:16:37.0171 3476 [ 067020BB8ABF1F6B80361051B2806C90 ] InCDsrv C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
23:16:37.0343 3476 InCDsrv - ok
23:16:37.0359 3476 ini910u - ok
23:16:37.0546 3476 [ 0CACDCBBC8E6F11E2865C47BFC509848 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:16:38.0062 3476 IntcAzAudAddService - ok
23:16:38.0078 3476 IntelIde - ok
23:16:38.0125 3476 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:16:38.0468 3476 intelppm - ok
23:16:38.0484 3476 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:16:38.0765 3476 Ip6Fw - ok
23:16:38.0781 3476 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:16:39.0062 3476 IpFilterDriver - ok
23:16:39.0093 3476 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:16:39.0359 3476 IpInIp - ok
23:16:39.0406 3476 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:16:39.0687 3476 IpNat - ok
23:16:39.0734 3476 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:16:40.0015 3476 IPSec - ok
23:16:40.0062 3476 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
23:16:40.0218 3476 IRENUM - ok
23:16:40.0281 3476 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:16:40.0546 3476 isapnp - ok
23:16:40.0609 3476 [ EE8BED092A58A4FAEB08DC140729189E ] ISWKL C:\Programme\CheckPoint\ZAForceField\ISWKL.sys
23:16:40.0890 3476 ISWKL - ok
23:16:40.0921 3476 [ AA7FD6A7532EF23FDCFC030195C148F9 ] IswSvc C:\Programme\CheckPoint\ZAForceField\IswSvc.exe
23:16:41.0015 3476 IswSvc - ok
23:16:41.0109 3476 [ 6F9AE59017FAE7E111265394967E846E ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
23:16:41.0296 3476 JavaQuickStarterService - ok
23:16:41.0328 3476 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:16:41.0656 3476 Kbdclass - ok
23:16:41.0703 3476 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
23:16:41.0812 3476 KL1 - ok
23:16:41.0843 3476 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
23:16:41.0921 3476 kl2 - ok
23:16:41.0937 3476 [ 1267FC6F43F2868127A01E9766BF51A7 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
23:16:42.0046 3476 KLIF - ok
23:16:42.0093 3476 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
23:16:42.0359 3476 kmixer - ok
23:16:42.0421 3476 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
23:16:42.0609 3476 KSecDD - ok
23:16:42.0640 3476 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
23:16:42.0765 3476 LanmanServer - ok
23:16:42.0812 3476 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:16:42.0906 3476 lanmanworkstation - ok
23:16:42.0921 3476 lbrtfdc - ok
23:16:43.0015 3476 [ CCAD2AAE36E24346488B0F54A049DE78 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
23:16:43.0109 3476 LightScribeService - ok
23:16:43.0156 3476 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
23:16:43.0437 3476 LmHosts - ok
23:16:43.0468 3476 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
23:16:43.0734 3476 Messenger - ok
23:16:43.0796 3476 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
23:16:44.0062 3476 mnmdd - ok
23:16:44.0109 3476 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
23:16:44.0375 3476 mnmsrvc - ok
23:16:44.0421 3476 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
23:16:44.0703 3476 Modem - ok
23:16:44.0796 3476 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
23:16:44.0984 3476 Monfilt - ok
23:16:45.0000 3476 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:16:45.0281 3476 Mouclass - ok
23:16:45.0312 3476 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:16:45.0609 3476 mouhid - ok
23:16:45.0625 3476 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
23:16:45.0921 3476 MountMgr - ok
23:16:45.0968 3476 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
23:16:46.0046 3476 MozillaMaintenance - ok
23:16:46.0046 3476 mraid35x - ok
23:16:46.0093 3476 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:16:46.0359 3476 MRxDAV - ok
23:16:46.0421 3476 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:16:46.0578 3476 MRxSmb - ok
23:16:46.0625 3476 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
23:16:46.0906 3476 MSDTC - ok
23:16:46.0953 3476 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
23:16:47.0234 3476 Msfs - ok
23:16:47.0234 3476 MSIServer - ok
23:16:47.0265 3476 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:16:47.0546 3476 MSKSSRV - ok
23:16:47.0562 3476 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:16:47.0828 3476 MSPCLOCK - ok
23:16:47.0859 3476 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
23:16:48.0156 3476 MSPQM - ok
23:16:48.0203 3476 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:16:48.0484 3476 mssmbios - ok
23:16:48.0531 3476 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
23:16:48.0812 3476 MSTEE - ok
23:16:48.0859 3476 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
23:16:48.0968 3476 Mup - ok
23:16:48.0984 3476 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:16:49.0281 3476 NABTSFEC - ok
23:16:49.0328 3476 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
23:16:49.0625 3476 napagent - ok
23:16:49.0718 3476 [ 5836B9E91863A00EC1B8E785EFD86ECB ] NBService C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
23:16:49.0828 3476 NBService - ok
23:16:49.0875 3476 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
23:16:49.0968 3476 NDIS - ok
23:16:50.0000 3476 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:16:50.0281 3476 NdisIP - ok
23:16:50.0312 3476 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:16:50.0421 3476 NdisTapi - ok
23:16:50.0453 3476 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:16:50.0734 3476 Ndisuio - ok
23:16:50.0765 3476 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:16:50.0843 3476 NdisWan - ok
23:16:50.0890 3476 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
23:16:50.0984 3476 NDProxy - ok
23:16:51.0031 3476 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
23:16:51.0343 3476 NetBIOS - ok
23:16:51.0406 3476 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
23:16:51.0687 3476 NetBT - ok
23:16:51.0734 3476 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
23:16:52.0015 3476 NetDDE - ok
23:16:52.0031 3476 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
23:16:52.0312 3476 NetDDEdsdm - ok
23:16:52.0359 3476 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
23:16:52.0656 3476 Netlogon - ok
23:16:52.0687 3476 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
23:16:52.0968 3476 Netman - ok
23:16:53.0046 3476 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:16:53.0125 3476 NetTcpPortSharing - ok
23:16:53.0171 3476 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
23:16:53.0281 3476 Nla - ok
23:16:53.0421 3476 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
23:16:53.0515 3476 NMIndexingService - ok
23:16:53.0593 3476 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Programme\CDBurnerXP\NMSAccessU.exe
23:16:53.0671 3476 NMSAccess - ok
23:16:53.0750 3476 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
23:16:54.0078 3476 Npfs - ok
23:16:54.0125 3476 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
23:16:54.0453 3476 Ntfs - ok
23:16:54.0484 3476 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
23:16:54.0765 3476 NtLmSsp - ok
23:16:54.0812 3476 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
23:16:55.0140 3476 NtmsSvc - ok
23:16:55.0187 3476 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
23:16:55.0453 3476 Null - ok
23:16:55.0484 3476 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:16:55.0765 3476 NwlnkFlt - ok
23:16:55.0781 3476 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:16:56.0062 3476 NwlnkFwd - ok
23:16:56.0093 3476 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
23:16:56.0359 3476 Parport - ok
23:16:56.0421 3476 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
23:16:56.0687 3476 PartMgr - ok
23:16:56.0734 3476 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
23:16:57.0000 3476 ParVdm - ok
23:16:57.0062 3476 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
23:16:57.0328 3476 PCI - ok
23:16:57.0343 3476 PCIDump - ok
23:16:57.0390 3476 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
23:16:57.0671 3476 PCIIde - ok
23:16:57.0718 3476 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
23:16:58.0031 3476 Pcmcia - ok
23:16:58.0031 3476 PDCOMP - ok
23:16:58.0046 3476 PDFRAME - ok
23:16:58.0062 3476 PDRELI - ok
23:16:58.0062 3476 PDRFRAME - ok
23:16:58.0078 3476 perc2 - ok
23:16:58.0093 3476 perc2hib - ok
23:16:58.0140 3476 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
23:16:58.0218 3476 PlugPlay - ok
23:16:58.0234 3476 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
23:16:58.0515 3476 PolicyAgent - ok
23:16:58.0546 3476 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:16:58.0828 3476 PptpMiniport - ok
23:16:58.0828 3476 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:16:59.0109 3476 ProtectedStorage - ok
23:16:59.0140 3476 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
23:16:59.0406 3476 PSched - ok
23:16:59.0453 3476 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:16:59.0734 3476 Ptilink - ok
23:16:59.0781 3476 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:16:59.0843 3476 PxHelp20 - ok
23:16:59.0859 3476 ql1080 - ok
23:16:59.0875 3476 Ql10wnt - ok
23:16:59.0875 3476 ql12160 - ok
23:16:59.0890 3476 ql1240 - ok
23:16:59.0906 3476 ql1280 - ok
23:16:59.0921 3476 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:17:00.0203 3476 RasAcd - ok
23:17:00.0250 3476 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
23:17:00.0531 3476 RasAuto - ok
23:17:00.0531 3476 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:17:00.0812 3476 Rasl2tp - ok
23:17:00.0843 3476 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
23:17:01.0140 3476 RasMan - ok
23:17:01.0187 3476 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:17:01.0468 3476 RasPppoe - ok
23:17:01.0500 3476 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
23:17:01.0765 3476 Raspti - ok
23:17:01.0812 3476 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:17:02.0125 3476 Rdbss - ok
23:17:02.0171 3476 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:17:02.0453 3476 RDPCDD - ok
23:17:02.0500 3476 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
23:17:02.0640 3476 RDPWD - ok
23:17:02.0671 3476 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
23:17:02.0968 3476 RDSessMgr - ok
23:17:03.0000 3476 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
23:17:03.0281 3476 redbook - ok
23:17:03.0312 3476 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
23:17:03.0578 3476 RemoteAccess - ok
23:17:03.0687 3476 [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo C:\Programme\CyberLink\Shared files\RichVideo.exe
23:17:03.0765 3476 RichVideo - ok
23:17:03.0796 3476 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
23:17:04.0078 3476 RpcLocator - ok
23:17:04.0109 3476 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
23:17:04.0234 3476 RpcSs - ok
23:17:04.0281 3476 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
23:17:04.0593 3476 RSVP - ok
23:17:04.0656 3476 [ CB9310A5A910648D359C99A857E22A54 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
23:17:04.0796 3476 RTLE8023xp - ok
23:17:04.0812 3476 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
23:17:05.0093 3476 SamSs - ok
23:17:05.0125 3476 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
23:17:05.0406 3476 SCardSvr - ok
23:17:05.0468 3476 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
23:17:05.0765 3476 Schedule - ok
23:17:05.0796 3476 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:17:05.0968 3476 Secdrv - ok
23:17:06.0000 3476 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
23:17:06.0265 3476 seclogon - ok
23:17:06.0296 3476 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
23:17:06.0562 3476 SENS - ok
23:17:06.0593 3476 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
23:17:06.0859 3476 Serial - ok
23:17:06.0906 3476 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
23:17:07.0171 3476 Sfloppy - ok
23:17:07.0234 3476 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
23:17:07.0546 3476 SharedAccess - ok
23:17:07.0578 3476 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:17:07.0640 3476 ShellHWDetection - ok
23:17:07.0656 3476 Simbad - ok
23:17:07.0703 3476 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
23:17:07.0875 3476 SkypeUpdate - ok
23:17:07.0906 3476 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:17:08.0187 3476 SLIP - ok
23:17:08.0203 3476 Sparrow - ok
23:17:08.0250 3476 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
23:17:08.0546 3476 splitter - ok
23:17:08.0609 3476 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
23:17:08.0718 3476 Spooler - ok
23:17:08.0750 3476 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
23:17:08.0921 3476 sr - ok
23:17:08.0953 3476 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
23:17:09.0125 3476 srservice - ok
23:17:09.0187 3476 [ 7D7AD4ABA007E20ACC35CAB03B28A935 ] SRS_PremiumSound_Service C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
23:17:09.0281 3476 SRS_PremiumSound_Service - ok
23:17:09.0343 3476 [ 979B9C522C91BE3196E3220437BB2C38 ] SRS_WOWXT_Service C:\Programme\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe
23:17:09.0421 3476 SRS_WOWXT_Service - ok
23:17:09.0468 3476 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
23:17:09.0609 3476 Srv - ok
23:17:09.0656 3476 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
23:17:09.0937 3476 SSDPSRV - ok
23:17:09.0984 3476 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:17:10.0046 3476 ssmdrv - ok
23:17:10.0093 3476 [ CA22092117F4F8BA3700B4BF9962444A ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
23:17:10.0187 3476 ssudmdm - ok
23:17:10.0218 3476 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
23:17:10.0265 3476 StarOpen ( UnsignedFile.Multi.Generic ) - warning
23:17:10.0265 3476 StarOpen - detected UnsignedFile.Multi.Generic (1)
23:17:10.0296 3476 [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
23:17:10.0593 3476 StillCam - ok
23:17:10.0656 3476 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
23:17:10.0937 3476 stisvc - ok
23:17:10.0968 3476 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:17:11.0234 3476 streamip - ok
23:17:11.0296 3476 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
23:17:11.0609 3476 swenum - ok
23:17:11.0640 3476 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
23:17:11.0937 3476 swmidi - ok
23:17:11.0953 3476 SwPrv - ok
23:17:11.0953 3476 symc810 - ok
23:17:11.0968 3476 symc8xx - ok
23:17:11.0984 3476 sym_hi - ok
23:17:12.0000 3476 sym_u3 - ok
23:17:12.0046 3476 [ EA447F6DB6115E8A32352F9FAFFA824D ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:17:12.0156 3476 SynTP - ok
23:17:12.0187 3476 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
23:17:12.0468 3476 sysaudio - ok
23:17:12.0500 3476 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
23:17:12.0765 3476 SysmonLog - ok
23:17:12.0828 3476 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
23:17:13.0109 3476 TapiSrv - ok
23:17:13.0171 3476 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:17:13.0281 3476 Tcpip - ok
23:17:13.0312 3476 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
23:17:13.0609 3476 TDPIPE - ok
23:17:13.0625 3476 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
23:17:13.0906 3476 TDTCP - ok
23:17:13.0937 3476 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
23:17:14.0234 3476 TermDD - ok
23:17:14.0265 3476 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
23:17:14.0546 3476 TermService - ok
23:17:14.0578 3476 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
23:17:14.0656 3476 Themes - ok
23:17:14.0671 3476 TosIde - ok
23:17:14.0718 3476 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
23:17:15.0000 3476 TrkWks - ok
23:17:15.0046 3476 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
23:17:15.0328 3476 Udfs - ok
23:17:15.0328 3476 ultra - ok
23:17:15.0375 3476 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
23:17:15.0703 3476 Update - ok
23:17:15.0734 3476 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
23:17:15.0937 3476 upnphost - ok
23:17:15.0953 3476 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
23:17:16.0234 3476 UPS - ok
23:17:16.0281 3476 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:17:16.0593 3476 usbccgp - ok
23:17:16.0625 3476 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:17:16.0906 3476 usbehci - ok
23:17:16.0921 3476 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:17:17.0203 3476 usbhub - ok
23:17:17.0250 3476 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:17:17.0609 3476 usbprint - ok
23:17:17.0656 3476 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:17:17.0953 3476 usbscan - ok
23:17:18.0000 3476 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:17:18.0312 3476 USBSTOR - ok
23:17:18.0359 3476 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:17:18.0625 3476 usbuhci - ok
23:17:18.0671 3476 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
23:17:18.0953 3476 usbvideo - ok
23:17:18.0984 3476 [ B4D7B7AD8A9F7C063C5CC3E2C1A0724E ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
23:17:19.0156 3476 usb_rndisx - ok
23:17:19.0171 3476 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
23:17:19.0468 3476 VgaSave - ok
23:17:19.0484 3476 ViaIde - ok
23:17:19.0546 3476 [ C365E0B920B2233001210EC9C324AEDC ] VMC33F C:\WINDOWS\system32\Drivers\VMC33F.sys
23:17:19.0640 3476 VMC33F - ok
23:17:19.0671 3476 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
23:17:19.0968 3476 VolSnap - ok
23:17:20.0015 3476 [ 7DB9123AEB762953D130B6953B246BC0 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
23:17:20.0109 3476 Vsdatant - ok
23:17:20.0156 3476 vsmon - ok
23:17:20.0187 3476 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
23:17:20.0375 3476 VSS - ok
23:17:20.0421 3476 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
23:17:20.0718 3476 W32Time - ok
23:17:20.0796 3476 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:17:21.0125 3476 Wanarp - ok
23:17:21.0125 3476 WDICA - ok
23:17:21.0156 3476 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
23:17:21.0421 3476 wdmaud - ok
23:17:21.0468 3476 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
23:17:21.0765 3476 WebClient - ok
23:17:21.0875 3476 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
23:17:22.0421 3476 winmgmt - ok
23:17:22.0484 3476 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
23:17:22.0718 3476 WmdmPmSN - ok
23:17:22.0750 3476 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:17:23.0218 3476 WmiApSrv - ok
23:17:23.0312 3476 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
23:17:23.0515 3476 WMPNetworkSvc - ok
23:17:23.0578 3476 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
23:17:23.0718 3476 WpdUsb - ok
23:17:23.0765 3476 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
23:17:24.0296 3476 wscsvc - ok
23:17:24.0312 3476 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:17:24.0625 3476 WSTCODEC - ok
23:17:24.0671 3476 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
23:17:25.0015 3476 wuauserv - ok
23:17:25.0078 3476 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:17:25.0234 3476 WudfPf - ok
23:17:25.0281 3476 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:17:25.0375 3476 WudfRd - ok
23:17:25.0406 3476 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
23:17:25.0500 3476 WudfSvc - ok
23:17:25.0578 3476 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
23:17:25.0921 3476 WZCSVC - ok
23:17:25.0953 3476 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
23:17:26.0265 3476 xmlprov - ok
23:17:26.0281 3476 ================ Scan global ===============================
23:17:26.0328 3476 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
23:17:26.0375 3476 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
23:17:26.0390 3476 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
23:17:26.0406 3476 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
23:17:26.0421 3476 [Global] - ok
23:17:26.0421 3476 ================ Scan MBR ==================================
23:17:26.0437 3476 [ A0A345F7AB6F3BAC008FB0DE602E66CD ] \Device\Harddisk0\DR0
23:17:27.0015 3476 \Device\Harddisk0\DR0 - ok
23:17:27.0015 3476 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR6
23:17:27.0187 3476 \Device\Harddisk1\DR6 - ok
23:17:27.0187 3476 ================ Scan VBR ==================================
23:17:27.0187 3476 [ FE60D06EDFCC0E4C540D014D11B5E4A3 ] \Device\Harddisk0\DR0\Partition1
23:17:27.0203 3476 \Device\Harddisk0\DR0\Partition1 - ok
23:17:27.0218 3476 [ C92D27747642281D6D8B57783609D5DE ] \Device\Harddisk0\DR0\Partition2
23:17:27.0218 3476 \Device\Harddisk0\DR0\Partition2 - ok
23:17:27.0234 3476 [ A9993F6A7B3395B7F824571E9688942F ] \Device\Harddisk1\DR6\Partition1
23:17:27.0234 3476 \Device\Harddisk1\DR6\Partition1 - ok
23:17:27.0234 3476 ============================================================
23:17:27.0234 3476 Scan finished
23:17:27.0234 3476 ============================================================
23:17:27.0359 2896 Detected object count: 2
23:17:27.0359 2896 Actual detected object count: 2
23:19:05.0375 2896 DOSMEMIO ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:05.0375 2896 DOSMEMIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:19:05.0375 2896 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:05.0375 2896 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

21.05.2013, 19:47   #14
markusg
/// Malware-holic
 
Hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


21.05.2013, 21:04   #15
Ockenator
 
Combofix log file:
Code:
ComboFix 13-05-21.01 - Ockenator 21.05.2013  21:07:55.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1014.554 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Ockenator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Ockenator\4.0
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Adguhi
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Adguhi\tuyhk.fui
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Buqiir
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Buqiir\atuv.kyy
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Daogf
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Daogf\otnyh.wok
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Puokag
c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Puokag\bapu.uxe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-21 bis 2013-05-21  ))))))))))))))))))))))))))))))
.
.
2013-05-21 05:15 . 2013-05-21 20:47	--------	d-----w-	C:\_OTL
2013-05-21 05:10 . 2013-05-21 05:10	--------	d-----r-	c:\dokumente und einstellungen\LocalService\Eigene Dateien
2013-05-18 09:31 . 2013-05-18 09:31	--------	d-----w-	C:\8a7819e540a0dc55a5069c
2013-05-12 17:25 . 2013-05-12 17:25	--------	d-----w-	c:\dokumente und einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\Samsung
2013-05-12 17:24 . 2013-05-12 17:24	--------	d-----w-	c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Samsung
2013-05-12 17:07 . 2008-04-14 12:00	26624	----a-w-	c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2013-05-12 17:05 . 2013-04-03 07:58	181912	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2013-05-12 17:05 . 2013-04-03 07:58	83864	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2013-05-12 17:01 . 2013-05-12 17:01	--------	d-----w-	c:\programme\MyFree Codec
2013-05-12 16:58 . 2013-04-18 17:08	4659712	----a-w-	c:\windows\system32\Redemption.dll
2013-05-12 16:55 . 2013-04-18 17:06	821824	----a-w-	c:\windows\system32\dgderapi.dll
2013-05-12 16:55 . 2013-04-18 17:06	20032	----a-w-	c:\windows\system32\drivers\dgderdrv.sys
2013-05-12 16:53 . 2013-05-12 16:53	--------	d-----w-	c:\programme\Windows Media Connect 2
2013-05-12 16:48 . 2013-05-12 16:48	--------	d-----w-	c:\dokumente und einstellungen\Ockenator\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
2013-05-12 16:40 . 2013-05-12 17:23	--------	d-----w-	c:\windows\system32\drivers\UMDF
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-18 17:07 . 2013-04-18 17:07	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2013-04-18 17:07 . 2013-04-18 17:07	330240	----a-w-	c:\windows\MASetupCaller.dll
2013-04-18 17:07 . 2013-04-18 17:07	30568	----a-w-	c:\windows\MusiccityDownload.exe
2013-04-18 17:06 . 2013-04-18 17:06	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2013-04-18 17:06 . 2013-04-18 17:06	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2013-04-18 17:06 . 2013-04-18 17:06	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2013-04-18 17:06 . 2013-04-18 17:06	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2013-04-18 17:06 . 2013-04-18 17:06	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2013-04-18 17:06 . 2013-04-18 17:06	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2013-04-18 17:06 . 2013-04-18 17:06	569344	----a-w-	c:\windows\system32\muzdecode.ax
2013-04-18 17:06 . 2013-04-18 17:06	491520	----a-w-	c:\windows\system32\muzapp.dll
2013-04-18 17:06 . 2013-04-18 17:06	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2013-04-18 17:06 . 2013-04-18 17:06	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2013-04-18 17:06 . 2013-04-18 17:06	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2013-04-18 17:06 . 2013-04-18 17:06	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2013-04-18 17:06 . 2013-04-18 17:06	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2013-04-18 17:06 . 2013-04-18 17:06	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2013-04-18 17:06 . 2013-04-18 17:06	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2013-04-18 17:06 . 2013-04-18 17:06	245760	----a-w-	c:\windows\system32\MSCLib.dll
2013-04-18 17:06 . 2013-04-18 17:06	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2013-04-18 17:06 . 2013-04-18 17:06	200704	----a-w-	c:\windows\system32\muzwmts.dll
2013-04-18 17:06 . 2013-04-18 17:06	155648	----a-w-	c:\windows\system32\MSFLib.dll
2013-04-18 17:06 . 2013-04-18 17:06	143360	----a-w-	c:\windows\system32\3DAudio.ax
2013-04-18 17:06 . 2013-04-18 17:06	135168	----a-w-	c:\windows\system32\muzaf1.dll
2013-04-18 17:06 . 2013-04-18 17:06	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2013-04-18 17:06 . 2013-04-18 17:06	122880	----a-w-	c:\windows\system32\muzeffect.ax
2013-04-18 17:06 . 2013-04-18 17:06	118784	----a-w-	c:\windows\system32\MaDRM.dll
2013-04-18 17:06 . 2013-04-18 17:06	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2013-04-18 17:06 . 2009-08-05 13:34	319456	----a-w-	c:\windows\system32\DIFxAPI.dll
2013-04-12 14:00 . 2009-08-05 22:01	1876480	----a-w-	c:\windows\system32\win32k.sys
2013-03-08 08:36 . 2009-08-05 22:01	293888	----a-w-	c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-14 07:30	2031104	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2009-08-05 22:01	2152448	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-02 01:53 . 2009-08-05 22:01	916480	----a-w-	c:\windows\system32\wininet.dll
2013-03-02 01:53 . 2009-08-05 22:01	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-02 01:53 . 2009-08-05 22:01	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-02 01:08 . 2009-08-05 22:01	385024	----a-w-	c:\windows\system32\html.iec
2013-02-27 07:56 . 2009-08-05 13:23	2067456	----a-w-	c:\windows\system32\mstscax.dll
2012-09-26 16:06 . 2012-02-18 19:17	266720	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Spotify\Spotify.exe" [2013-04-24 4547584]
"Spotify Web Helper"="c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe" [2013-04-24 1105408]
"KiesPreload"="c:\programme\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-18 137752]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"BatteryManager"="c:\programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [2009-06-01 3153408]
"DMHotKey"="c:\programme\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"UCam_Menu"="c:\programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\programme\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LGODDFU"="c:\programme\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\programme\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\programme\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IJNetworkScanUtility"="c:\programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"ZoneAlarm"="c:\programme\CheckPoint\ZoneAlarm\zatray.exe" [2012-05-03 73360]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
"KiesTrayAgent"="c:\programme\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-20 607584]
Erinnerungen für Microsoft Works-Kalender.lnk - c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe [1999-8-5 53317]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Dokumente und Einstellungen\\Ockenator\\Anwendungsdaten\\Spotify\\spotify.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14.03.2012 23:01 36000]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [12.05.2012 13:35 11352]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.03.2012 23:01 86224]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [05.08.2009 15:31 4300]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\programme\CheckPoint\ZAForceField\ISWKL.sys [30.04.2012 21:05 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\programme\CheckPoint\ZAForceField\ISWSVC.exe [30.04.2012 21:05 497280]
R2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\programme\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [19.05.2009 19:39 66792]
R3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\drivers\CryptOSD.sys [01.05.2009 15:41 384896]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [05.08.2009 15:34 233512]
R3 VMC33F;Vimicro Camera Service VMC33F;c:\windows\system32\drivers\VMC33F.sys [05.08.2009 15:36 237952]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [09.11.2012 12:21 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05.08.2009 15:33 1684736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [12.05.2013 19:05 83864]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [12.05.2013 19:05 181912]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 10:27	451872	----a-w-	c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\Ockenator\Anwendungsdaten\Mozilla\Firefox\Profiles\b8bkeqe9.default\
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN26266762648347-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=20c14cbe00000000000000265eb05146&q={searchTerms}
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN26266762648347-1001&toolbarId=base&affiliateId=1025&Lan=en&utid=20c14cbe00000000000000265eb05146&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN26266762648347-1001&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=20c14cbe00000000000000265eb05146&q=
FF - user.js: extensions.zonealarm.id - 20c14cbe00000000000000265eb05146
FF - user.js: extensions.zonealarm.instlDay - 15472
FF - user.js: extensions.zonealarm.vrsn - 1.5.23.8
FF - user.js: extensions.zonealarm.vrsni - 1.5.23.8
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.23.813:37
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN26266762648347-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-BatteryLifeExtender - c:\programme\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe
HKCU-Run-SpriteService - c:\programme\Sprite Software\Sprite Backup\SpriteService.exe
HKCU-Run-KiesAirMessage - c:\programme\Samsung\Kies\KiesAirMessage.exe
HKLM-Run-SUPBackground - c:\programme\Samsung\Samsung Update Plus\SUPBackground.exe
HKLM-Run-MagicKeyboard - c:\programme\SAMSUNG\MagicKBD\PreMKBD.exe
HKLM-Run-ISW - (no file)
AddRemove-MSNINST - c:\programme\MSN\MsnInstaller\msninst.exe
AddRemove-WinRAR archiver - c:\programme\WinRAR\uninstall.exe
AddRemove-Works2kSetup - c:\programme\Microsoft Works Suite 2000\Setup\Launcher.exe
AddRemove-{145DE957-0679-4A2A-BB5C-1D3E9808FAB2} - c:\programme\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe
AddRemove-{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2} - c:\programme\InstallShield Installation Information\{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}\setup.exe
AddRemove-{6A1F72DD-2465-43A2-A137-8A849399B7A8} - c:\programme\InstallShield Installation Information\{6A1F72DD-2465-43A2-A137-8A849399B7A8}\Install.exe
AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-{F4F41D14-E0DD-4FB4-AA09-A14225C769BD} - c:\programme\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-21 21:36
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-953792537-315184200-2242276583-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*& ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-953792537-315184200-2242276583-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*& \OpenWithList]
@Class="Shell"
"a"="PDFCreator.exe"
"MRUList"="a"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Nero\Nero 7\InCD\InCDsrv.exe
c:\programme\Java\jre7\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\programme\CyberLink\Shared files\RichVideo.exe
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-21  22:00:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-21 20:00
.
Vor Suchlauf: 13 Verzeichnis(se), 26.590.351.360 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 31.144.103.936 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 07074EFAD4A6F840DC51E6EC954ED3E3
         
--- --- ---
