w32.matsnu in Phishing-Mail zip.datei

Raeve · 20.06.2013, 22:53

Hallo,

mir wurde vor einem halben Jahr hier sehr kompetent geholfen und als es diesmal eine Freundin erwischt hat, wollte ich mich wieder an euch wenden.

Kurz zusammengefasst, sie hat diese E-mail erhalten:

Zitat:

"Sehr geehrter Buch Online GmbH AG Kunde,

durch Ihren abgeschlossenem Vertrag vom 18.04.2013 haben Sie sich vertraglich verpflichtet die Summe von 194,00 Euro an unseren Mandanten zu überweisen.

Ihrer Verpflichtung sind Sie bis heute nicht nachgekommen.

Weiterhin sind Sie aus Gründen des Verzuges dazu verpflichtet die Ausgaben unserer Leistung zu tragen.

Unser Anwalt-Büro wurden von der Firma Buch Online GmbH AG beauftragt die finanziellen Interessen zu vertreten. Die Bevollmächtigung wurde anwaltlich schriftlich versichert.

Die Kosten unserer Beauftragung errechnen sich nach dieser Abrechnung:

************************
13,00 Euro (nach Nummer 7555 RGV)
26,00 Euro (Pauschalvergütung gemäß RVG § 4 Abs. 1 und 2)
************************

Wir verpflichten Sie mit Kraft unserer Mandantschaft den gesamten Betrag auf das Bankkonto unseren Mandanten zu übersenden. Die Kontodaten und die Lieferdaten der Bestellung finden Sie im Anhang. Für den Eingang der Zahlung setzten wir Ihnen eine gesetzliche Zeitfrist bis zum 26.06.2013.

Mit freundliche Grüßen Mathilda Seidel Anwaltschaft"

Email Adresse: denis.confais@wanadoo.fr

Die im Anhang befindliche Zip-Datei hat sie gedownloadet, beim anschließenden Öffnen wurde die Datei scheinbar von Microsoft Security Essentials abgegriffen und direkt in Quarantäne verschoben.
"Scheinbar" weil es relativ schnell ging und sie mir keine genaue Angabe dazu machen konnte. Allerdings öffnete die Datei nicht und ich fand sie anschließend im besagten Quarantäne-Ordner.

Der komplette System-Scan ist durch und hat sonst nichts gefunden, Einschränkungen sind bisher nicht aufgetreten.

Jetzt stellt sich natürlich die Frage, ist sie mit einem blauen Auge davongekommen oder könnte der Trojaner sich doch irgendwie eingenistet haben?

Schonmal vielen Dank im Voraus

MfG
Raeve

aharonov · 21.06.2013, 00:19

Hallo Raeve,

Zitat:

Jetzt stellt sich natürlich die Frage, ist sie mit einem blauen Auge davongekommen oder könnte der Trojaner sich doch irgendwie eingenistet haben?

So wie du es beschreibst, hat Microsoft Security Essentials wohl noch rechtzeitig eingegriffen. Aber wir können zur Sicherheit ja mal genauer hinschauen:
Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die entsprechenden Logfiles.

Raeve · 21.06.2013, 07:50

Hi vielen Dank für die schnelle Antwort, ich muss mich leider korrigieren, der Scan war scheinbar doch noch nicht durch, denn er hat einen aktiven win32.matsnu gefunden, allerdings weiterhin ohne irgendwelche Einschränkungen
Ich hab ihn erstmal ebenfalls in Quarantäne verschoben, die weitern Logfiles poste ich dann im Laufe des Tages.

MfG
Raeve

aharonov · 21.06.2013, 12:04

Hi,

jep, sobald die Logs da sind, kann ich mir mal ein Bild der Lage machen.
Und poste bitte auch das Log des Scans mit dem win32.matsnu-Fund.

Raeve · 21.06.2013, 21:34

Hi,

so hier sind die ganzen Logs, ich hoffe, ich hab alles was du brauchst.

Die Scans von Microsoft Security Essentials:

Elemente:
file:C:\Users\***\AppData\Local\Temp\Kostenrechnung *** vom 17.06.2013 Rechtsanwalt Buch Online GmbH AG.zip
file:C:\Users\***\AppData\Local\Temp\tJuJU6Vq.zip.part

Sind das die die du meintest oder gibts es da noch andere Logs von MSE?

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 21.06.2013 14:46:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Scans
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 51,91% Memory free
7,59 Gb Paging File | 5,64 Gb Available in Paging File | 74,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 87,79 Gb Free Space | 58,90% Space Free | Partition Type: NTFS
Drive D: | 430,52 Gb Total Space | 169,38 Gb Free Space | 39,34% Space Free | Partition Type: NTFS
Drive E: | 1007,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.21 14:46:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\Scans\OTL.exe
PRC - [2013.06.21 14:44:45 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Scans\Defogger.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.17 23:54:07 | 000,920,472 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\Firefox\firefox.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.03.08 16:25:08 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.08 05:27:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2009.11.09 20:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.10.26 21:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009.10.26 11:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009.10.21 13:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.19 21:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.06.19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.21 14:44:45 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Scans\Defogger.exe
MOD - [2013.05.17 23:53:30 | 003,128,728 | ---- | M] () -- D:\Programme\Mozilla Firefox\Firefox\mozjs.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.02.15 03:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.01.08 05:27:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.25 17:02:37 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.05.06 12:52:24 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.01.08 05:27:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.11.09 20:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.10.21 18:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.06.27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.23 17:20:32 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.08 05:27:00 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.12.17 04:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.27 00:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.10.27 00:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.15 11:23:20 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.04 07:39:08 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.08.21 08:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.08.20 20:41:38 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.08.06 15:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.21 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.29 18:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.06.29 18:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.04.09 13:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.19 00:36:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.19 00:36:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programme\Mozilla\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programme\Mozilla\Firefox\plugins
 
[2011.06.18 18:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.05.21 14:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\v2gac7q2.default\extensions
 
O1 HOSTS File: ([2012.02.03 22:45:44 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A90A57B7-D440-4A70-9427-4C421A8F7712}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.26 16:37:22 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008.07.26 16:45:07 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008.07.26 16:45:08 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008.07.26 16:44:48 | 000,000,156 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.21 14:45:59 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.06.21 11:45:07 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 11:45:07 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.21 11:38:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.21 11:37:37 | 3055,706,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.18 21:33:38 | 001,644,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.18 21:33:38 | 000,708,168 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.18 21:33:38 | 000,661,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.18 21:33:38 | 000,153,622 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.18 21:33:38 | 000,125,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.13 21:06:41 | 744,989,930 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013.06.21 14:45:59 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.04.08 13:12:53 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.10.21 18:27:54 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.10.21 18:27:54 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.10.21 18:27:54 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.10.21 18:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.03.08 23:50:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.04.07 18:08:46 | 000,035,419 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2568493480-1061946383-3581521145-1001\$R9R4RJS\UTGame\Published\CookedPC\Script\Mod_DZArenaMuts.u
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.02 17:18:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\pdfforge
[2011.06.14 13:26:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Im folgenden Log sind gegen Ende diverse Fehlermeldungen, ist das normal bei diesem Log oder habe ich irgendetwas beim erstellen falsch gemacht?

Extra.txt Log

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 21.06.2013 14:46:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Scans
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 51,91% Memory free
7,59 Gb Paging File | 5,64 Gb Available in Paging File | 74,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 87,79 Gb Free Space | 58,90% Space Free | Partition Type: NTFS
Drive D: | 430,52 Gb Total Space | 169,38 Gb Free Space | 39,34% Space Free | Partition Type: NTFS
Drive E: | 1007,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "D:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\Vlc-Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\Vlc-Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "D:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\Vlc-Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\Vlc-Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D363AEA-7F0E-4CB3-AC10-C78646EDFBB5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1DDAF96E-3BE4-4085-8BFD-A11EEF86B259}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{30FDCFB6-9C68-49BF-8B8B-841A30380404}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{39203612-7479-4E5E-ACFE-D5A2B48EBC11}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{40256650-B115-45D7-BA61-FDA24311B94F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{435F50ED-1F8C-44BD-AC4B-A9F08AD11CE7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{451DB880-1CD8-4AB3-98D2-394A9B19DF7E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4BC46AF3-7DB6-41F2-8C5E-F080CD935226}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5E0971B7-2AF3-4D45-9004-433973D6D93E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6B4C00D9-DF11-4429-B066-B697FFB07A8F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{753565E8-9DA1-4FE0-A3B8-6C1A7F3E62B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{771A91CD-0FB9-4D8A-844C-2D3539498A43}" = rport=139 | protocol=6 | dir=out | app=system | 
"{81FFCB6A-A1DD-4138-B0D6-2DB3AD08B839}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88058B79-8ABB-4726-8581-081A18465AB1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8C353817-A421-4BA8-A78C-9CD61176E0F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9CCC6F72-8D1C-4DB6-A1A2-89721493E34D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B0A57924-BC7F-4592-92D0-EA97724243B1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B4D32A3C-37F8-4F9F-9C80-F37D665A107B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B8765AC2-2068-413F-A0C6-7548BCB9DC34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D0A02165-D711-417C-84A7-1A30275175FC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D920CE3E-D5F0-4E15-A00A-4265F79DA05A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DA896465-E3F1-4A21-A7DB-5FBA2E3D4A2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DFC93ED3-EE6A-4966-8956-90B2827DF7EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FACFE0BE-24FC-4DF1-B6A0-FEA274AB328D}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0437940D-FA8B-4AFA-8F99-60246A73E048}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B9544F5-56AA-4D80-AF28-62C40AC9F7DC}" = protocol=17 | dir=in | app=d:\spiele\battlefield 2 demo\bf2.exe | 
"{1AE8BCBB-C306-4E67-8099-F5493D5BC4D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A3B8C61-AB43-4BAD-A43E-6C8424728787}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A773A34-042A-4CBB-A81D-3529C6A567E1}" = protocol=6 | dir=in | app=d:\spiele\unreal tournament\binaries\ut3.exe | 
"{387A4131-A821-44F4-AC1B-BCE8453DCF2B}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3F433692-99E4-4C63-BD1A-F0500C91B068}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{49770CF3-3219-40A1-A6EB-E3B0E29A9D9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4E16C826-564E-4A7B-924D-A42C521092D2}" = protocol=17 | dir=in | app=d:\spiele\hawx\hawx.exe | 
"{50EB211D-9DA2-4797-8430-70EF9A34DED9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{52AA4742-32E9-45F9-8EF9-FDED915D07BD}" = protocol=6 | dir=in | app=d:\spiele\hawx\hawx_dx10.exe | 
"{53C39736-3930-4A33-811C-8B347C78FC32}" = protocol=6 | dir=in | app=d:\programme\microsoft office\office14\onenote.exe | 
"{566C1CB1-497C-4156-97F5-A42AE6CBC7A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5691ADCF-3B5A-43B9-B29C-F42A59034EA6}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"{6553BDE2-BBCC-4DBC-87AC-EB4975EDE0EA}" = protocol=6 | dir=in | app=d:\ea games\battlefield 2\bf2.exe | 
"{66BE339E-E300-4EA1-B7EB-304B395AF061}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6AC4E768-4876-43BF-8AAE-06F2E598D3D8}" = protocol=6 | dir=in | app=d:\spiele\hawx\hawx.exe | 
"{6BDE55F9-A2E6-4ECC-8681-2467F8216559}" = protocol=6 | dir=in | app=d:\spiele\battlefield 2 demo\bf2.exe | 
"{71FD1BB4-192C-4779-A768-8A0BB34BEBF5}" = protocol=17 | dir=in | app=d:\programme\microsoft office\office14\onenote.exe | 
"{792409CA-90F3-4C9A-8D0E-F8408D78B6AB}" = protocol=17 | dir=in | app=d:\spiele\unreal tournament\binaries\ut3.exe | 
"{7A064918-C0D2-49FC-A7F6-48F3C825ABB9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7A6BCD3F-0413-49AD-BD88-24A50D1A9A39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{88D22CEC-70F9-4260-910A-7131DAE51B4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C59671C-492B-44E3-80F4-EF23574874CC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9698183B-5E36-4049-8CB6-D1AAB407B15A}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"{9FA1C80D-1270-482E-B46E-72EF51196DAE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A85FFD18-2214-441F-BEFA-07783C297E38}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A97CF6F6-62FC-459F-9440-0BADD4B4603F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AA58FEF4-DF9A-4017-BB39-690369640374}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB50813D-B9AD-400F-BE82-C0DB06384571}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{AC16A3BB-C553-49EB-A451-6E1BD5CCAEA1}" = protocol=6 | dir=out | app=system | 
"{B81A607F-7531-43D5-ADD1-2828ADD8E142}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B83B3B42-7AA8-442E-B473-0C966AFC4376}" = protocol=17 | dir=in | app=d:\spiele\hawx\hawx_dx10.exe | 
"{C2D638AA-CD27-4CA0-ABCB-842BCFC087D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DF04B337-7D1E-4334-9722-B709F43D3133}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F207310E-BB9F-4DA0-828E-6EDC18727B8C}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F4AF8D27-39FA-4BE0-A732-3B4FBE238929}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F68D82D7-DB3F-4634-8F44-0C8E1BB547B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA9C2E70-270F-4AD5-9F43-2D3F6067B175}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FD75EFCB-CABC-46F4-8759-FF3A0B401090}" = protocol=17 | dir=in | app=d:\ea games\battlefield 2\bf2.exe | 
"TCP Query User{07489515-8C21-4CC8-AD34-6C86D4EC256E}D:\programme\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\programme\java\bin\javaw.exe | 
"TCP Query User{09625FD7-0A0D-4B26-B679-6BDC1A2A41C0}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{2D414827-5500-4270-84B9-5CF94CB10987}D:\spiele\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\spiele\der herr der ringe online\lotroclient.exe | 
"TCP Query User{3A2A5751-AE5F-4BE3-9199-E242571198FC}D:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\spiele\guild wars 2\gw2.exe | 
"TCP Query User{3DA8F1E8-8A54-44D8-A023-204B10F80CE9}C:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"TCP Query User{4EF0CD91-B36B-45FE-998E-341140F0FE28}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{57608884-84E3-468C-B133-9C388E3E36B0}D:\spiele\hawx\hawx.exe" = protocol=6 | dir=in | app=d:\spiele\hawx\hawx.exe | 
"TCP Query User{5A2577A0-E3AB-4C82-B7DD-018B3D709472}D:\programme\mozilla firefox\firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\programme\mozilla firefox\firefox\plugin-container.exe | 
"TCP Query User{714D295F-FBD5-442F-BCA6-FA725A3E894F}C:\users\***\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\gw2.exe | 
"TCP Query User{9B763698-B619-4C11-B9D4-ECB97B9DD481}D:\spiele\battlefield 2 demo\bf2.exe" = protocol=6 | dir=in | app=d:\spiele\battlefield 2 demo\bf2.exe | 
"TCP Query User{A418FC61-399C-4EE6-8922-172B247D2625}D:\spiele\unreal tournament\binaries\ut3.exe" = protocol=6 | dir=in | app=d:\spiele\unreal tournament\binaries\ut3.exe | 
"TCP Query User{B229430B-A205-4A26-9E60-0B97457CFB62}D:\spiele\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\spiele\der herr der ringe online\lotroclient.exe | 
"TCP Query User{C2D3E47F-2DD4-449D-BB68-38172EB0DB2C}D:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\spiele\guild wars 2\gw2.exe | 
"TCP Query User{C7AFCD6C-3289-4AF8-AF96-BC6466E41F60}D:\programme\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=d:\programme\mozilla\firefox\firefox.exe | 
"TCP Query User{C7D8458B-CA39-4F5E-909E-B0E45B24ED65}D:\spiele\re-volt\re-volt\revolt.exe" = protocol=6 | dir=in | app=d:\spiele\re-volt\re-volt\revolt.exe | 
"TCP Query User{D5966C44-2366-4B80-94D0-0E643D00B77D}D:\programme\qip\qip neu\qip 2010\qip.exe" = protocol=6 | dir=in | app=d:\programme\qip\qip neu\qip 2010\qip.exe | 
"TCP Query User{E1128C11-C8FC-4F0D-8667-D6786605C843}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{F7C0DA17-321D-40F0-AE54-3A55DE1B561C}D:\programme\qip\qip neu\qip 2010\qip.exe" = protocol=6 | dir=in | app=d:\programme\qip\qip neu\qip 2010\qip.exe | 
"UDP Query User{0869FD13-CE17-4D7A-ABD8-7126D94D25C1}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{109B138B-64AA-4E9C-B0E0-01514022C4F4}D:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\spiele\guild wars 2\gw2.exe | 
"UDP Query User{158E49FA-EF68-49AB-88F2-2A6478A1B86D}D:\programme\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=d:\programme\mozilla\firefox\firefox.exe | 
"UDP Query User{20D61693-C8A2-4ED6-9C2D-080DAD6F1AB8}D:\spiele\battlefield 2 demo\bf2.exe" = protocol=17 | dir=in | app=d:\spiele\battlefield 2 demo\bf2.exe | 
"UDP Query User{35F06938-1166-4061-BEA7-487042A25D0F}D:\programme\qip\qip neu\qip 2010\qip.exe" = protocol=17 | dir=in | app=d:\programme\qip\qip neu\qip 2010\qip.exe | 
"UDP Query User{3768148D-9532-4B32-8E8A-C6AA50ED99C3}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{38CA2347-A4E0-42AB-B16E-983F36EE19BF}D:\spiele\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\spiele\der herr der ringe online\lotroclient.exe | 
"UDP Query User{4872D7B7-AAC1-4C7E-8FF2-F5F69852327C}D:\programme\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\programme\java\bin\javaw.exe | 
"UDP Query User{4ECB035E-1F45-4838-85FA-55D484AF6617}D:\spiele\re-volt\re-volt\revolt.exe" = protocol=17 | dir=in | app=d:\spiele\re-volt\re-volt\revolt.exe | 
"UDP Query User{8B7C28C3-1A00-4144-987F-A7E2EF728588}D:\programme\mozilla firefox\firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\programme\mozilla firefox\firefox\plugin-container.exe | 
"UDP Query User{8EB02C65-676C-4CC5-9124-3C426749B150}C:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"UDP Query User{940752C4-A14F-43C7-8223-B3CF571391A3}D:\spiele\hawx\hawx.exe" = protocol=17 | dir=in | app=d:\spiele\hawx\hawx.exe | 
"UDP Query User{9AA4756D-ABDA-4C3C-9B17-9ACE12CA0754}C:\users\***\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\gw2.exe | 
"UDP Query User{A6E1705E-7338-4A74-B353-741BE037CB45}D:\programme\qip\qip neu\qip 2010\qip.exe" = protocol=17 | dir=in | app=d:\programme\qip\qip neu\qip 2010\qip.exe | 
"UDP Query User{D596837E-EF78-4D1D-830F-C6C9EA103D63}D:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\spiele\guild wars 2\gw2.exe | 
"UDP Query User{DF517A14-9016-4719-818A-D49EE9B896DA}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{F0E5EC73-667B-47BA-9A8C-8024E26E5555}D:\spiele\unreal tournament\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\spiele\unreal tournament\binaries\ut3.exe | 
"UDP Query User{F8DD01A0-EBFA-4736-9179-8E140660E373}D:\spiele\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\spiele\der herr der ringe online\lotroclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-9001-0407-0102-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch
"{5783F2D7-9001-0407-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PRJPROR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPROR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PRJPROR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PRJPROR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PRJPROR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-1000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-1000-0000000FF1CE}_Office14.PRJPROR_{8388E8B0-3DC3-4A7B-9EE0-FCBB1C3363F6}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AutoCAD 2011 - Deutsch" = AutoCAD 2011 - Deutsch
"AutoCAD 2011 - Deutsch Version 2.1" = AutoCAD 2011 - Deutsch Version 2.1
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = Die Sims™ 2 Super Deluxe
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 10.4k, 2010.10.29
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = DER HERR DER RINGE ONLINE: Die Minen Von Moria v02.01.03.4020
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Bridge Building Game" = Bridge Building Game
"Dia" = Dia (nur entfernen)
"DivX Setup.divx.com" = DivX-Setup
"Guild Wars 2" = Guild Wars 2
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Patrizier II Gold_is1" = Patrizier II Gold
"Trine_is1" = Trine
"UltraStar Deluxe" = UltraStar Deluxe
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.04.2012 11:34:10 | Computer Name = ***-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 01.04.2012 11:35:03 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.04.2012 17:13:04 | Computer Name = ***-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 02.04.2012 17:14:19 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 08.04.2012 08:54:07 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LifeFrame.exe, Version: 3.0.0.0, 
Zeitstempel: 0x49cc331c  Name des fehlerhaften Moduls: camera.dll, Version: 0.0.0.0,
 Zeitstempel: 0x49ee81c3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000069b8  ID des fehlerhaften
 Prozesses: 0x638  Startzeit der fehlerhaften Anwendung: 0x01cd15869685a55f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\ASUS\ASUS LifeFrame3\camera.dll
Berichtskennung:
 ed20253a-8179-11e1-b92d-485b39e6e6e1
 
Error - 08.04.2012 08:54:18 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LifeFrame.exe, Version: 3.0.0.0, 
Zeitstempel: 0x49cc331c  Name des fehlerhaften Moduls: quartz.dll, Version: 6.6.7601.17713,
 Zeitstempel: 0x4ea78b37  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000e0b6  ID des fehlerhaften
 Prozesses: 0x638  Startzeit der fehlerhaften Anwendung: 0x01cd15869685a55f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\quartz.dll  Berichtskennung: f396e735-8179-11e1-b92d-485b39e6e6e1
 
Error - 09.04.2012 15:38:30 | Computer Name = ***-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 09.04.2012 15:39:33 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.04.2012 16:17:22 | Computer Name = ***-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 10.04.2012 16:18:29 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 14.04.2013 19:00:22 | Computer Name = ***PC | Source = DCOM | ID = 10010
Description = 
 
Error - 24.04.2013 09:31:40 | Computer Name = ***-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.149.346.0     Aktualisierungsquelle: %%859

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9402.0     Fehlercode:
 0x80072ee2     Fehlerbeschreibung: Das Zeitlimit für den Vorgang wurde erreicht. 
 
Error - 15.05.2013 18:01:02 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 17.05.2013 04:48:21 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 17.05.2013 04:48:31 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 24.05.2013 19:06:11 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?05.?2013 um 01:03:18 unerwartet heruntergefahren.
 
Error - 06.06.2013 19:30:05 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?07.?06.?2013 um 01:27:48 unerwartet heruntergefahren.
 
Error - 12.06.2013 18:07:54 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.06.2013 15:07:00 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?06.?2013 um 19:08:23 unerwartet heruntergefahren.
 
Error - 13.06.2013 15:07:18 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >

--- --- ---

Gmer Log

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-21 22:06:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldrpow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031ff000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800031ff02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\svchost.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Windows\SysWOW64\svchost.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Users\***\AppData\Local\Akamai\netsession_win.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Users\***\AppData\Local\Akamai\netsession_win.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text C:\Users\***\AppData\Local\Akamai\netsession_win.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a71465 2 bytes [A7, 77]
.text C:\Users\***\AppData\Local\Akamai\netsession_win.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a714bb 2 bytes [A7, 77]
.text ... * 2
.text

Schonmal vielen vielen Dank, dass du dich hier durchwühlst.

Mfg
Raeve

aharonov · 21.06.2013, 21:48

Hallo,

Zitat:

Sind das die die du meintest oder gibts es da noch andere Logs von MSE?

Ja, das meinte ich. Aber da kann man Entwarnung geben, das sind keine aktiven Funde, sondern nur Spuren vom Entpacken.
Auch sonst sehen die Logs gut aus, aber wir können noch eine Kontrolle machen:

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von MBAM
Log von ESET
Log von SecurityCheck

Raeve · 22.06.2013, 09:08

Hi,

hier wieder die nächsten Logs.
Vorher noch eine Frage: Die Dateien die ich in Quarantäne verschoben habe, muss ich die irgendwie besonders löschen oder einfach mit MSE?

Bei diesem Log hab ich dein Commando vorher nicht eingegeben, ich poste ihn trotzdem mal, danach kommt glaub ich die Version die funktioniert hat.

Error: Unable to interpret <OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 21.06.2013 14:46:46 - Run 1> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Scans> in the current context!
Error: Unable to interpret <64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.7601.17514)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <3,79 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 51,91% Memory free> in the current context!
Error: Unable to interpret <7,59 Gb Paging File | 5,64 Gb Available in Paging File | 74,32% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context!
Error: Unable to interpret <Drive C: | 149,04 Gb Total Space | 87,79 Gb Free Space | 58,90% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 430,52 Gb Total Space | 169,38 Gb Free Space | 39,34% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive E: | 1007,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: ***-PC | User Name: User | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans> in the current context!
Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - [2013.06.21 14:46:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\Scans\OTL.exe> in the current context!
Error: Unable to interpret <PRC - [2013.06.21 14:44:45 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Scans\Defogger.exe> in the current context!
Error: Unable to interpret <PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe> in the current context!
Error: Unable to interpret <PRC - [2013.05.17 23:54:07 | 000,920,472 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\Firefox\firefox.exe> in the current context!
Error: Unable to interpret <PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe> in the current context!
Error: Unable to interpret <PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe> in the current context!
Error: Unable to interpret <PRC - [2011.03.08 16:25:08 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe> in the current context!
Error: Unable to interpret <PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe> in the current context!
Error: Unable to interpret <PRC - [2011.01.08 05:27:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe> in the current context!
Error: Unable to interpret <PRC - [2009.11.09 20:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe> in the current context!
Error: Unable to interpret <PRC - [2009.10.26 21:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe> in the current context!
Error: Unable to interpret <PRC - [2009.10.26 11:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe> in the current context!
Error: Unable to interpret <PRC - [2009.10.21 13:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe> in the current context!
Error: Unable to interpret <PRC - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe> in the current context!
Error: Unable to interpret <PRC - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe> in the current context!
Error: Unable to interpret <PRC - [2009.08.19 21:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe> in the current context!
Error: Unable to interpret <PRC - [2009.06.19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe> in the current context!
Error: Unable to interpret <PRC - [2009.06.19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe> in the current context!
Error: Unable to interpret <PRC - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe> in the current context!
Error: Unable to interpret <PRC - [2008.12.22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe> in the current context!
Error: Unable to interpret <PRC - [2008.08.13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - [2013.06.21 14:44:45 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Scans\Defogger.exe> in the current context!
Error: Unable to interpret <MOD - [2013.05.17 23:53:30 | 003,128,728 | ---- | M] () -- D:\Programme\Mozilla Firefox\Firefox\mozjs.dll> in the current context!
Error: Unable to interpret <MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll> in the current context!
Error: Unable to interpret <MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll> in the current context!
Error: Unable to interpret <MOD - [2011.02.15 03:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll> in the current context!
Error: Unable to interpret <MOD - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe> in the current context!
Error: Unable to interpret <MOD - [2011.01.08 05:27:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - [2013.03.25 17:02:37 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)> in the current context!
Error: Unable to interpret <SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)> in the current context!
Error: Unable to interpret <SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)> in the current context!
Error: Unable to interpret <SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)> in the current context!
Error: Unable to interpret <SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)> in the current context!
Error: Unable to interpret <SRV - [2011.05.06 12:52:24 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)> in the current context!
Error: Unable to interpret <SRV - [2011.01.08 05:27:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)> in the current context!
Error: Unable to interpret <SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)> in the current context!
Error: Unable to interpret <SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)> in the current context!
Error: Unable to interpret <SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)> in the current context!
Error: Unable to interpret <SRV - [2009.11.09 20:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)> in the current context!
Error: Unable to interpret <SRV - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)> in the current context!
Error: Unable to interpret <SRV - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)> in the current context!
Error: Unable to interpret <SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)> in the current context!
Error: Unable to interpret <SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.10.21 18:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.06.27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.03.23 17:20:32 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.01.08 05:27:00 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.11.08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.12.17 04:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.10.27 00:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.10.27 00:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.10.15 11:23:20 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.09.04 07:39:08 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.08.21 08:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.08.20 20:41:38 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.08.06 15:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.21 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.29 18:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.29 18:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.05.13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.04.09 13:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)> in the current context!
Error: Unable to interpret <DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)> in the current context!
Error: Unable to interpret <DRV - [2009.07.02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - user.js - File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.19 00:36:11 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.19 00:36:11 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programme\Mozilla\Firefox\components> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programme\Mozilla\Firefox\plugins> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2011.06.18 18:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions> in the current context!
Error: Unable to interpret <[2012.05.21 14:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\v2gac7q2.default\extensions> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2012.02.03 22:45:44 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context!
Error: Unable to interpret <O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context!
Error: Unable to interpret <O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3> in the current context!
Error: Unable to interpret <O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!
Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!
Error: Unable to interpret <O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A90A57B7-D440-4A70-9427-4C421A8F7712}: DhcpNameServer = 192.168.2.1> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype4com - No CLSID value found> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ms-help - No CLSID value found> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2008.07.26 16:37:22 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2008.07.26 16:45:07 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2008.07.26 16:45:08 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2008.07.26 16:44:48 | 000,000,156 | R--- | M] () - E:\autorun.inf -- [ UDF ]> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context!
Error: Unable to interpret <O35:64bit: - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35:64bit: - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2013.06.21 14:45:59 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable> in the current context!
Error: Unable to interpret <[2013.06.21 11:45:07 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2013.06.21 11:45:07 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2013.06.21 11:38:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context!
Error: Unable to interpret <[2013.06.21 11:37:37 | 3055,706,112 | -HS- | M] () -- C:\hiberfil.sys> in the current context!
Error: Unable to interpret <[2013.06.18 21:33:38 | 001,644,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI> in the current context!
Error: Unable to interpret <[2013.06.18 21:33:38 | 000,708,168 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat> in the current context!
Error: Unable to interpret <[2013.06.18 21:33:38 | 000,661,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat> in the current context!
Error: Unable to interpret <[2013.06.18 21:33:38 | 000,153,622 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat> in the current context!
Error: Unable to interpret <[2013.06.18 21:33:38 | 000,125,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat> in the current context!
Error: Unable to interpret <[2013.06.13 21:06:41 | 744,989,930 | ---- | M] () -- C:\Windows\MEMORY.DMP> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2013.06.21 14:45:59 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable> in the current context!
Error: Unable to interpret <[2012.04.08 13:12:53 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat> in the current context!
Error: Unable to interpret <[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll> in the current context!
Error: Unable to interpret <[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll> in the current context!
Error: Unable to interpret <[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe> in the current context!
Error: Unable to interpret <[2011.10.21 18:27:54 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin> in the current context!
Error: Unable to interpret <[2011.10.21 18:27:54 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin> in the current context!
Error: Unable to interpret <[2011.10.21 18:27:54 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin> in the current context!
Error: Unable to interpret <[2011.10.21 18:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll> in the current context!
Error: Unable to interpret <[2011.03.08 23:50:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== ZeroAccess Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2009.04.07 18:08:46 | 000,035,419 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2568493480-1061946383-3581521145-1001\$R9R4RJS\UTGame\Published\CookedPC\Script\Mod_DZArenaMuts.u> in the current context!
Error: Unable to interpret <[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64> in the current context!
Error: Unable to interpret <"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"ThreadingModel" = Apartment> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]> in the current context!
Error: Unable to interpret <"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"ThreadingModel" = Apartment> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64> in the current context!
Error: Unable to interpret <"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"ThreadingModel" = Free> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]> in the current context!
Error: Unable to interpret <"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"ThreadingModel" = Free> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64> in the current context!
Error: Unable to interpret <"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"ThreadingModel" = Both> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.10.02 17:18:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\pdfforge> in the current context!
Error: Unable to interpret <[2011.06.14 13:26:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodafone> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << End of report >

--- --- ---
> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 06212013_225823

Jetzt der 2. Log, ich hoffe er hat diesmal funktioniert.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ***
->Temp folder emptied: 8038885322 bytes
->Temporary Internet Files folder emptied: 123856895 bytes
->Java cache emptied: 39164536 bytes
->FireFox cache emptied: 160136336 bytes
->Flash cache emptied: 50613 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Uni2

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: User
->Temp folder emptied: 891408185 bytes
->Temporary Internet Files folder emptied: 2774446 bytes
->FireFox cache emptied: 377839858 bytes
->Flash cache emptied: 6446 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 574785882 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 2003 bytes

Total Files Cleaned = 9.736,00 mb

Error: Unable to interpret <OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 21.06.2013 14:46:46 - Run 1> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop\Scans> in the current context!
Error: Unable to interpret <64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.7601.17514)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret <3,79 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 51,91% Memory free> in the current context!
Error: Unable to interpret <7,59 Gb Paging File | 5,64 Gb Available in Paging File | 74,32% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context!
Error: Unable to interpret <Drive C: | 149,04 Gb Total Space | 87,79 Gb Free Space | 58,90% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 430,52 Gb Total Space | 169,38 Gb Free Space | 39,34% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive E: | 1007,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF> in the current context!
Error: Unable to interpret <Computer Name: ***-PC | User Name: User | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans> in the current context!
Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret <PRC - [2013.06.21 14:46:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\Scans\OTL.exe> in the current context!
Error: Unable to interpret <PRC - [2013.06.21 14:44:45 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Scans\Defogger.exe> in the current context!
Error: Unable to interpret <PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe> in the current context!
Error: Unable to interpret <PRC - [2013.05.17 23:54:07 | 000,920,472 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\Firefox\firefox.exe> in the current context!
Error: Unable to interpret <PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe> in the current context!
Error: Unable to interpret <PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe> in the current context!
Error: Unable to interpret <PRC - [2011.03.08 16:25:08 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe> in the current context!
Error: Unable to interpret <PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe> in the current context!
Error: Unable to interpret <PRC - [2011.01.08 05:27:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe> in the current context!
Error: Unable to interpret <PRC - [2009.11.09 20:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe> in the current context!
Error: Unable to interpret <PRC - [2009.10.26 21:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe> in the current context!
Error: Unable to interpret <PRC - [2009.10.26 11:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe> in the current context!
Error: Unable to interpret <PRC - [2009.10.21 13:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe> in the current context!
Error: Unable to interpret <PRC - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe> in the current context!
Error: Unable to interpret <PRC - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe> in the current context!
Error: Unable to interpret <PRC - [2009.08.19 21:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe> in the current context!
Error: Unable to interpret <PRC - [2009.06.19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe> in the current context!
Error: Unable to interpret <PRC - [2009.06.19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe> in the current context!
Error: Unable to interpret <PRC - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe> in the current context!
Error: Unable to interpret <PRC - [2008.12.22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe> in the current context!
Error: Unable to interpret <PRC - [2008.08.13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe> in the current context!
Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context!
Error: Unable to interpret <MOD - [2013.06.21 14:44:45 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Scans\Defogger.exe> in the current context!
Error: Unable to interpret <MOD - [2013.05.17 23:53:30 | 003,128,728 | ---- | M] () -- D:\Programme\Mozilla Firefox\Firefox\mozjs.dll> in the current context!
Error: Unable to interpret <MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\libcef.dll> in the current context!
Error: Unable to interpret <MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll> in the current context!
Error: Unable to interpret <MOD - [2011.02.15 03:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll> in the current context!
Error: Unable to interpret <MOD - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe> in the current context!
Error: Unable to interpret <MOD - [2011.01.08 05:27:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll> in the current context!
Error: Unable to interpret <========== Services (SafeList) ==========> in the current context!
Error: Unable to interpret <SRV - [2013.03.25 17:02:37 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)> in the current context!
Error: Unable to interpret <SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)> in the current context!
Error: Unable to interpret <SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)> in the current context!
Error: Unable to interpret <SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)> in the current context!
Error: Unable to interpret <SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)> in the current context!
Error: Unable to interpret <SRV - [2011.05.06 12:52:24 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)> in the current context!
Error: Unable to interpret <SRV - [2011.01.08 05:27:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)> in the current context!
Error: Unable to interpret <SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)> in the current context!
Error: Unable to interpret <SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)> in the current context!
Error: Unable to interpret <SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)> in the current context!
Error: Unable to interpret <SRV - [2009.11.09 20:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)> in the current context!
Error: Unable to interpret <SRV - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)> in the current context!
Error: Unable to interpret <SRV - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)> in the current context!
Error: Unable to interpret <SRV - [2009.06.15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)> in the current context!
Error: Unable to interpret <SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)> in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret <DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.10.21 18:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.06.27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.03.23 17:20:32 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2011.01.08 05:27:00 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2010.11.08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.12.17 04:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.10.27 00:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.10.27 00:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.10.15 11:23:20 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.09.04 07:39:08 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.08.21 08:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.08.20 20:41:38 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.08.06 15:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.21 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.29 18:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.29 18:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.05.13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2009.04.09 13:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)> in the current context!
Error: Unable to interpret <DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)> in the current context!
Error: Unable to interpret <DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)> in the current context!
Error: Unable to interpret <DRV - [2009.07.02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)> in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret <FF - user.js - File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.19 00:36:11 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.19 00:36:11 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programme\Mozilla\Firefox\components> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programme\Mozilla\Firefox\plugins> in the current context!
Error: Unable to interpret <[2011.06.18 18:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions> in the current context!
Error: Unable to interpret <[2012.05.21 14:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\v2gac7q2.default\extensions> in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2012.02.03 22:45:44 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context!
Error: Unable to interpret <O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)> in the current context!
Error: Unable to interpret <O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3> in the current context!
Error: Unable to interpret <O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!
Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!
Error: Unable to interpret <O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A90A57B7-D440-4A70-9427-4C421A8F7712}: DhcpNameServer = 192.168.2.1> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype4com - No CLSID value found> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ms-help - No CLSID value found> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2008.07.26 16:37:22 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2008.07.26 16:45:07 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2008.07.26 16:45:08 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2008.07.26 16:44:48 | 000,000,156 | R--- | M] () - E:\autorun.inf -- [ UDF ]> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context!
Error: Unable to interpret <O35:64bit: - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35:64bit: - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)> in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret <[2013.06.21 14:45:59 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable> in the current context!
Error: Unable to interpret <[2013.06.21 11:45:07 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2013.06.21 11:45:07 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2013.06.21 11:38:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context!
Error: Unable to interpret <[2013.06.21 11:37:37 | 3055,706,112 | -HS- | M] () -- C:\hiberfil.sys> in the current context!
Error: Unable to interpret <[2013.06.18 21:33:38 | 001,644,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI> in the current context!
Error: Unable to interpret <[2013.06.18 21:33:38 | 000,708,168 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat> in the current context!
Error: Unable to interpret <[2013.06.18 21:33:38 | 000,661,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat> in the current context!
Error: Unable to interpret <[2013.06.18 21:33:38 | 000,153,622 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat> in the current context!
Error: Unable to interpret <[2013.06.18 21:33:38 | 000,125,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat> in the current context!
Error: Unable to interpret <[2013.06.13 21:06:41 | 744,989,930 | ---- | M] () -- C:\Windows\MEMORY.DMP> in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret <[2013.06.21 14:45:59 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable> in the current context!
Error: Unable to interpret <[2012.04.08 13:12:53 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat> in the current context!
Error: Unable to interpret <[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll> in the current context!
Error: Unable to interpret <[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll> in the current context!
Error: Unable to interpret <[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe> in the current context!
Error: Unable to interpret <[2011.10.21 18:27:54 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin> in the current context!
Error: Unable to interpret <[2011.10.21 18:27:54 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin> in the current context!
Error: Unable to interpret <[2011.10.21 18:27:54 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin> in the current context!
Error: Unable to interpret <[2011.10.21 18:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll> in the current context!
Error: Unable to interpret <[2011.03.08 23:50:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat> in the current context!
Error: Unable to interpret <========== ZeroAccess Check ==========> in the current context!
Error: Unable to interpret <[2009.04.07 18:08:46 | 000,035,419 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2568493480-1061946383-3581521145-1001\$R9R4RJS\UTGame\Published\CookedPC\Script\Mod_DZArenaMuts.u> in the current context!
Error: Unable to interpret <[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini> in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64> in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]> in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64> in the current context!
Error: Unable to interpret <[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64> in the current context!
Error: Unable to interpret <"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"ThreadingModel" = Apartment> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]> in the current context!
Error: Unable to interpret <"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"ThreadingModel" = Apartment> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64> in the current context!
Error: Unable to interpret <"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"ThreadingModel" = Free> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]> in the current context!
Error: Unable to interpret <"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"ThreadingModel" = Free> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64> in the current context!
Error: Unable to interpret <"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)> in the current context!
Error: Unable to interpret <"ThreadingModel" = Both> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]> in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret <[2012.10.02 17:18:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\pdfforge> in the current context!
Error: Unable to interpret <[2011.06.14 13:26:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodafone> in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret << End of report >

--- --- ---
> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 06212013_230053

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.21.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [limited]

21.06.2013 23:11:31
mbam-log-2013-06-21 (23-11-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184766
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=13c67f1c093b434080ae250c3babb8ee
# engine=14129
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-22 05:41:45
# local_time=2013-06-22 07:41:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 66296487 123509555 0 0
# scanned=276443
# found=0
# cleaned=0
# scan_time=29422

Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 23
Java-Editor 10.4k, 2010.10.29
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (7.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Un nochmal mal vielen vielen Dank für die Mühen.

MfG
Raeve

aharonov · 22.06.2013, 10:57

Hi,

Zitat:

Die Dateien die ich in Quarantäne verschoben habe, muss ich die irgendwie besonders löschen oder einfach mit MSE?

In Quarantäne ist das Ding tot. Du kannst es löschen oder dort belassen - spielt keine Rolle.

Da ist noch einiges an outdated Software drauf. Korrigier das noch, danach räumen wir auf.

Schritt 1

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 25.

Gehe zu
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
Start --> Systemsteuerung --> Software (bei Win XP)
und deinstalliere alle älteren Java-Versionen.

In wenigen Fällen wird Java wirklich benötigt. Auch werden immer wieder neue, noch nicht geschlossene Sicherheitslücken ausgenutzt.
Überleg dir also, ob du eine Java-Installation wirklich brauchst.
Falls du Java weiterhin verwenden möchtest, dann:

Lade dir die neueste Java-Version herunter.
Schliesse alle laufenden Programme, speziell den Browser.
Starte die heruntergeladene jxpiinstall.exe und folge den Anweisungen.
Entferne während der Installation den Haken bei "Installieren Sie die Ask-Toolbar ...".

Schritt 2

Downloade und installiere dir die neuste Version des Mozilla Firefox.

Schritt 3

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:

Deinstalliere bitte deine aktuelle Version von Adobe Reader über
Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
Besuche diese Seite von Adobe.
Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
Drücke auf Jetzt herunterladen und installiere die neuste Version.

Schritt 4

Dein Flashplayer ist veraltet. Installiere folgendermassen die aktuelle Version:

Besuche diese Seite von Adobe.
Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.

Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.

Starte defogger und drücke den Button Re-enable.
Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
Auch den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
- Schliesse alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.

>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus.

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.

Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:

Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.

Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.

Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:

NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.

Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:

Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.

Raeve · 22.06.2013, 11:41

Hi,

ich bin jetzt mit allem durch, habe alles soweit geupdatet und auch jetzt keine weiteren Probleme gehabt.

Zwei kleinere Fragen habe ich trotzdem noch:
Müssen/sollten Passwörter jetzt geändert werden auch wenn man sich nirgendwo mehr eingeloggt hat nachdem es gefunden wurde?

Würdest du eine komplette Neuinstallation von Windows 7 empfehlen oder wie sind die Chancen, dass trotz allen Bemühungen noch was durchgerutscht ist?

Abschließend dann nochmal vielen vielen Dank, es ist wirklich toll, dass es dieses Forum gibt und einem so schnell und gut geholfen wird. Ich wünsche noch ein schönes Wochenende.

MfG
Raeve

aharonov · 22.06.2013, 12:15

Hi,

Zitat:

Müssen/sollten Passwörter jetzt geändert werden auch wenn man sich nirgendwo mehr eingeloggt hat nachdem es gefunden wurde?

Von Zeit zu Zeit alle Passwörter zu ändern, ist generell eine gute Idee. Aber auf deinem Rechner war keine Malware zu sehen, also besteht kein unmittelbar dringender Handlungsbedarf in diese Richtung.

Zitat:

Würdest du eine komplette Neuinstallation von Windows 7 empfehlen oder wie sind die Chancen, dass trotz allen Bemühungen noch was durchgerutscht ist?

Da ist nichts durchgerutscht, Microsoft Security Essentials hat rechtzeitig eingegriffen. Wenn sich win32.matsnu hätte installieren können, hättest du das schon ziemlich deutlich gespürt..

Aufgrund dieses Vorfalls und deiner Logs im Allgemeinen seh ich keinen zwingenden Grund für eine Neuinstallation, das System sieht sauber aus. Aber falls du dich immer noch unsicher fühlst und es dich beruhigen würde, dann tu es.

Freut mich, dass wir helfen konnten.

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.

21.06.2013, 12:04	#4
aharonov /// TB-Ausbilder	w32.matsnu in Phishing-Mail zip.datei Hi, jep, sobald die Logs da sind, kann ich mir mal ein Bild der Lage machen. Und poste bitte auch das Log des Scans mit dem win32.matsnu-Fund. __________________ cheers, Leo

w32.matsnu in Phishing-Mail zip.datei

Plagegeister aller Art und deren Bekämpfung: w32.matsnu in Phishing-Mail zip.datei