| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GUV TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.08.2012, 12:19
| #1 |
| |  GUV Trojaner Hallo, Ich bin zum ersten mal hier und versuch mich noch zurecht zu finden! Ich hab den GVU-Trojaner auf meinem PC. Hab jetzt das Malwarebytes Anti-Malware Programm im Quick scan durchgeführt. Unter Quarantäne wurden 4 Sachen abgelegt: Trojan.Ransom.Gen Exploit.Drop.GS Backdoor.Agent Exploit.Drop.GS Dann Hab ich den Defogger Runtergeladen und Ausgeführt der hat allerdings nichts gefunden. Ich mach jetz mit den weiteren Anweisungen auf eurer Seite weiter (OTL usw.). Danke schonmal für die Hilfe. Gruß Christian OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 30.08.2012 13:22:06 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Technoplan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,80% Memory free 6,22 Gb Paging File | 4,35 Gb Available in Paging File | 70,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 293,33 Gb Total Space | 206,06 Gb Free Space | 70,25% Space Free | Partition Type: NTFS Drive D: | 293,08 Gb Total Space | 292,59 Gb Free Space | 99,83% Space Free | Partition Type: NTFS Computer Name: TECHNOPLAN-PC | User Name: Technoplan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.30 13:20:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe PRC - [2012.08.29 13:36:10 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012.08.09 08:12:46 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.12.16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2009.11.17 18:35:06 | 001,404,808 | ---- | M] (PixelPlanet GmbH) -- C:\Programme\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.06.06 19:17:16 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe PRC - [2008.03.26 15:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.02.10 09:29:20 | 000,167,576 | ---- | M] (Autodesk, Inc.) -- C:\Programme\Common Files\Autodesk Shared\WSCommCntr1.exe PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe PRC - [2008.01.09 19:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.09.06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE ========== Modules (No Company Name) ========== MOD - [2012.06.14 08:42:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll MOD - [2012.06.14 08:42:09 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll MOD - [2012.06.14 08:11:55 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 08:11:48 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.14 10:06:45 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.05.14 09:32:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.14 09:32:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.14 08:09:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.14 08:08:26 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.14 08:08:19 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.03.21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009.10.05 18:01:56 | 000,512,000 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepprint.dll MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.09.29 18:49:35 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2971.38833__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.09.29 18:49:35 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2971.38792__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.09.29 18:49:35 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2971.38846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.09.29 18:49:35 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2971.39030__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.09.29 18:49:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2971.38993__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.09.29 18:49:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2971.38825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.09.29 18:49:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.09.29 18:49:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2971.38812__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.09.29 18:49:34 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2971.39063__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.09.29 18:49:23 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2008.09.29 18:49:23 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2971.39002__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.09.29 18:49:23 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2971.39069__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.09.29 18:49:23 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2971.39009__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.09.29 18:49:23 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2971.38806__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.09.29 18:49:23 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2008.09.29 18:49:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2971.39001__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.09.29 18:49:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2971.39061__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.09.29 18:49:22 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2971.38955__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.09.29 18:49:22 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2971.38859__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.09.29 18:49:22 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2971.38947__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.09.29 18:49:22 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2971.38940__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.09.29 18:49:22 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2971.38813__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.09.29 18:49:22 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2971.39022__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.09.29 18:49:22 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2971.38852__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.09.29 18:49:22 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2971.38972__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.09.29 18:49:22 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.09.29 18:49:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.09.29 18:49:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2971.38865__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.09.29 18:49:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.09.29 18:49:22 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2971.38971__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.09.29 18:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.09.29 18:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2971.38986__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.09.29 18:49:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.09.29 18:49:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.09.29 18:49:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.09.29 18:49:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.09.29 18:49:21 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2939.23744__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2939.23747__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.09.29 18:49:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.09.29 18:49:18 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2971.39044_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.09.29 18:49:17 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2971.38819__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.09.29 18:49:17 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2971.39044__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.09.29 18:49:17 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2971.39053__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.09.29 18:49:17 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2971.38784__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.09.29 18:49:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2971.39051__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.09.29 18:49:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.09.29 18:49:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.09.29 18:49:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2971.39081__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.09.29 18:49:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.09.29 18:49:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.09.29 18:49:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.09.29 18:49:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.09.29 18:49:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.09.29 18:49:17 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2971.39092__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2008.09.29 18:49:17 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2971.38783__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.09.29 18:49:16 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2971.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.09.29 18:49:16 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2971.38784__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.09.29 18:49:16 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2971.38782__90ba9c70f846762e\APM.Server.dll MOD - [2008.09.29 18:49:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2971.38783__90ba9c70f846762e\AEM.Server.dll MOD - [2008.09.29 18:49:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.09.29 18:49:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2971.39053__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.09.29 18:49:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.09.29 18:49:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.03.05 00:38:16 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2008.02.20 17:30:04 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2008.02.20 00:08:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe MOD - [2008.01.09 19:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll MOD - [2008.01.09 19:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll MOD - [2007.12.19 19:09:40 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll MOD - [2007.12.19 19:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll MOD - [2007.12.19 19:08:56 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll MOD - [2007.12.19 19:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll MOD - [2007.12.19 19:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll MOD - [2007.12.19 19:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll MOD - [2007.10.17 11:38:22 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll MOD - [2007.10.17 11:38:20 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll MOD - [2007.10.17 11:38:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll MOD - [2007.10.17 11:38:00 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll MOD - [2007.10.17 11:37:58 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll MOD - [2007.10.17 10:55:10 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll MOD - [2007.10.17 10:55:10 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.08.28 08:29:45 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$GW) SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2009.10.05 18:04:12 | 000,172,032 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe -- (bepldr6PixelPlanetService) SRV - [2009.02.17 14:06:23 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfusb.sys -- (Tosrfusb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tosrfsnd.sys -- (TosRfSnd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfnds.sys -- (tosrfnds) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Tosrfhid.sys -- (Tosrfhid) DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\tosrfcom.sys -- (Tosrfcom) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfbnp.sys -- (tosrfbnp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfbd.sys -- (tosrfbd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosporte.sys -- (tosporte) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Toshidpt.sys -- (toshidpt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.06.07 12:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2008.06.07 12:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2008.04.28 11:02:42 | 000,042,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.02.20 02:52:50 | 003,514,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.12.21 17:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport) DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport) DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4} IE - HKCU\..\SearchScopes\{02CF09DD-7444-4794-B10F-4D1FB35C8BC5}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3F02C296-1A8E-47AC-AA5A-D09522C07C9E}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{53D15C7F-1907-4535-90D5-7D127D514EB7}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{63C2F400-10A0-4967-BF70-E4095256B4F7}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_deDE499 IE - HKCU\..\SearchScopes\{883EEDA1-02A9-4FC5-A548-23968B0A46B1}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{9C6D4C2F-6E94-41E6-A857-612C2EB6A070}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{B7FBE32F-9899-4926-821C-32774B4CAA2E}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@eleco.com/o2cplayer: C:\Program Files\Eleco\o2c Player\npO2CPlayer.DLL (ELECO Software GmbH) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.google.com/ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [Ibfiere] C:\Users\Technoplan\AppData\Roaming\Cooh\xiil.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: NameServer = 192.168.0.254 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\Shell - "" = AutoRun O33 - MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.30 13:20:01 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe [2012.08.30 11:07:57 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Malwarebytes [2012.08.30 11:07:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.28 15:19:03 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\UAs [2012.08.28 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\xmldm [2012.08.28 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\kock [2012.08.28 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Google [2012.08.28 08:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.08.28 08:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Tauku [2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Idowx [2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Cooh [2011.08.29 10:24:01 | 053,710,568 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Technoplan\ElsterFormular-12.3.2.6814p.exe [1 C:\Users\Technoplan\AppData\Roaming\*.tmp files -> C:\Users\Technoplan\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.30 13:20:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe [2012.08.30 13:00:21 | 000,000,000 | ---- | M] () -- C:\Users\Technoplan\defogger_reenable [2012.08.30 12:59:29 | 000,050,477 | ---- | M] () -- C:\Users\Technoplan\Desktop\Defogger.exe [2012.08.30 12:55:52 | 009,507,732 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.30 12:55:52 | 003,298,018 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.30 12:55:52 | 002,983,518 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.30 12:55:52 | 002,664,278 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.30 12:50:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.30 12:50:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 12:50:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 12:50:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.30 12:50:01 | 3220,316,160 | -HS- | M] () -- C:\hiberfil.sys [2012.08.30 12:42:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.30 12:33:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.30 11:11:35 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.08.30 11:07:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.30 09:42:28 | 000,000,016 | ---- | M] () -- C:\Users\Technoplan\AppData\Roaming\blckdom.res [2012.08.28 08:35:48 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.08.20 14:09:52 | 000,000,010 | ---- | M] () -- C:\Windows\SHISETUP.SYS [2012.08.17 08:09:21 | 000,443,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Users\Technoplan\AppData\Roaming\*.tmp files -> C:\Users\Technoplan\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.30 13:00:21 | 000,000,000 | ---- | C] () -- C:\Users\Technoplan\defogger_reenable [2012.08.30 12:59:29 | 000,050,477 | ---- | C] () -- C:\Users\Technoplan\Desktop\Defogger.exe [2012.08.30 11:07:53 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.30 09:41:41 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.08.28 12:11:30 | 000,000,016 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\blckdom.res [2012.08.28 08:31:27 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.08.16 08:09:21 | 000,000,680 | ---- | C] () -- C:\Users\Technoplan\AppData\Local\d3d9caps.dat [2011.04.07 10:16:58 | 000,000,010 | ---- | C] () -- C:\Windows\SHISETUP.SYS [2010.10.26 09:23:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.10.26 09:23:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.10.20 16:25:20 | 000,101,770 | ---- | C] () -- C:\Users\Technoplan\2009.elfo [2010.05.07 11:13:48 | 000,004,096 | -H-- | C] () -- C:\Users\Technoplan\AppData\Local\keyfile3.drm [2009.02.19 17:35:06 | 000,006,355 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\Kommagetrennte Werte (Windows).EML [2009.02.19 14:24:04 | 000,000,000 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\wklnhst.dat [2009.02.18 17:00:27 | 000,018,944 | ---- | C] () -- C:\Users\Technoplan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2012.01.16 10:38:12 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\1&1 Mail & Media GmbH [2008.03.21 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Acer GameZone Console [2009.02.19 14:14:40 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Autodesk [2012.08.16 08:07:21 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Cooh [2012.01.20 09:48:56 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\elsterformular [2012.08.14 14:18:28 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Idowx [2011.11.24 09:40:30 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Iqbe [2011.12.16 10:51:39 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\IrfanView [2012.08.28 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\kock [2009.03.09 10:08:33 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Mensch und Maschine [2012.03.15 14:56:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\OpenOffice.org [2009.12.11 10:04:09 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\PixelPlanet [2012.08.15 15:52:21 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Tauku [2009.02.27 09:35:04 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\TeamViewer [2012.08.29 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\UAs [2011.11.24 09:43:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Uhbeum [2012.08.29 10:43:32 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\xmldm [2010.11.25 10:00:25 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Zylom [2012.08.30 12:49:02 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 714 bytes -> C:\Users\Technoplan\Documents\Dorndorf Gewerbepark.eml:OECustomProperty < End of report > Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.08.2012 13:22:07 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Technoplan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,80% Memory free
6,22 Gb Paging File | 4,35 Gb Available in Paging File | 70,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,33 Gb Total Space | 206,06 Gb Free Space | 70,25% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 292,59 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
Computer Name: TECHNOPLAN-PC | User Name: Technoplan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{52639EEF-7156-40A1-9C5A-D03B2780EE2C}" = rport=138 | protocol=17 | dir=out | app=system |
"{6DA92C3F-2AA1-4278-AF88-48B8E3FE42C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{862FEE24-57C0-42F8-95E9-AA36032603FF}" = rport=139 | protocol=6 | dir=out | app=system |
"{86F7E69E-2605-42F3-A68E-BE7294216CAF}" = lport=139 | protocol=6 | dir=in | app=system |
"{99B91ED6-94FD-43C4-A162-3F3D141FF23B}" = lport=138 | protocol=17 | dir=in | app=system |
"{BEC0CCFD-051E-4EDF-B3AF-C1C977FC3A5C}" = lport=137 | protocol=17 | dir=in | app=system |
"{CF946A69-EE1D-4FEA-9465-158EDF1B7DA6}" = rport=445 | protocol=6 | dir=out | app=system |
"{E00B91EE-AFF6-4B26-8BBB-67761FE51B1D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EB7B14B6-7B44-4A6C-B944-736CB705ED8F}" = lport=445 | protocol=6 | dir=in | app=system |
"{FA415279-AFE5-470C-AE79-0E852A41A396}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E26353-4C49-4E6F-ADF1-97B82DE56CD8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{077D2931-DB4D-4CCD-99C5-11DB2FC33C10}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{07C103FA-BB9F-4551-909A-C06EF6C389D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{152A6112-283A-4CBF-BF1B-83021F1C7CB4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1F737DB0-A5FC-4DAA-B056-E3C3DA941552}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2D937DCC-89DF-408A-B5B0-485337D6B49C}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{35D53898-57BE-4F42-B36A-0743BE2F1468}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{4D56D392-50C7-48E8-8CE2-A2FEC81D8D05}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{62DE9854-BE9C-417A-B948-0118FBE7C55C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{64910388-5F15-420D-B067-E2D771EB7525}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D143E9B-9C61-482E-9CC1-05C43667B932}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8636209A-1F83-42A5-8EB0-FEBE59ED42FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A3B416BD-6980-4235-BE55-1B9529AE5EBB}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{BCCE2808-3651-42B2-B6C0-3FC7A8BC2D36}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{C8366C07-2131-473C-BBED-D27222D02A87}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{DC96B31F-5D1B-4D34-954B-65049D1139C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{0F288857-105E-4B10-B323-C5C7A9B1F58B}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{2A7214A1-5BA9-4526-89D6-497AB1FCA19C}C:\program files\canon\network scangear\sgtool.exe" = protocol=6 | dir=in | app=c:\program files\canon\network scangear\sgtool.exe |
"TCP Query User{2E0552D3-DB20-404A-BF30-54DBAEA06469}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{527CF421-2D99-4A83-B2DA-7C6C7C65B12F}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"TCP Query User{7763B622-94C0-4612-8140-26D258E7D791}C:\program files\cal3k\bin\calmus.exe" = protocol=6 | dir=in | app=c:\program files\cal3k\bin\calmus.exe |
"TCP Query User{82F58F45-3D7F-4E97-B6E3-B56B6C724D85}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{9AA4EAF7-6472-497E-BA5F-E4B2BD2FC1D1}C:\users\technoplan\saved games\aoe\empires2.exe" = protocol=6 | dir=in | app=c:\users\technoplan\saved games\aoe\empires2.exe |
"TCP Query User{A19F342E-7E9C-41FE-B7BD-689492C78F0A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B5E9228F-4161-470E-8136-EAE9DD3EFA4D}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{F8E0566B-D0A9-4F1A-A497-F643FAB22BF0}E:\clicknconnect.exe" = protocol=6 | dir=in | app=e:\clicknconnect.exe |
"TCP Query User{FC729F76-186E-4DD9-A411-324BF14FF422}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{0B8C7F4D-167F-48CB-90F2-630518F1AC8A}C:\program files\canon\network scangear\sgtool.exe" = protocol=17 | dir=in | app=c:\program files\canon\network scangear\sgtool.exe |
"UDP Query User{1358F54E-92BD-4DCC-A9B5-3140415C4E20}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{146499E4-8BB1-4854-A709-94E8DDBB1B7E}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"UDP Query User{5CBE11FD-38F9-45CB-87DB-9DA75090C4A2}C:\program files\cal3k\bin\calmus.exe" = protocol=17 | dir=in | app=c:\program files\cal3k\bin\calmus.exe |
"UDP Query User{6C977F44-8B11-41EC-8B76-7019387A5907}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{6FFA951C-9019-4B30-8D8C-C638F71BD19B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{BCC2CB38-2937-4205-AF9E-60B0348D8AD7}E:\clicknconnect.exe" = protocol=17 | dir=in | app=e:\clicknconnect.exe |
"UDP Query User{D2D893B9-111E-4A32-BD56-F89E4C358FFF}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{DCBE3D7D-DC1D-48F3-B6F8-4EDD218A2BED}C:\users\technoplan\saved games\aoe\empires2.exe" = protocol=17 | dir=in | app=c:\users\technoplan\saved games\aoe\empires2.exe |
"UDP Query User{F03F1016-EAB9-4EB5-A975-ABD1262F1DCF}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{F099E5ED-7D0E-433E-A3B3-921ED174D35F}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00E139DD-A721-6CAD-BD4C-6FF597FC52BD}" = Catalyst Control Center Graphics Light
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (GW)
"{02F1F814-3458-9AE2-B360-6BA8C8DF9049}" = Catalyst Control Center Localization Danish
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{062D3AEE-6E5C-BCE9-4BE4-1190D29EE352}" = CCC Help Thai
"{06A4892F-EC84-7384-B401-52F30FC122FE}" = Catalyst Control Center Localization Japanese
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082F3B93-6515-4230-8303-658FCB12CB62}" = Print2CAD 2012 OCR Standard
"{0CC4C654-6439-52F7-FB58-7A6A720166ED}" = CCC Help Turkish
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{173823FE-9525-76D1-D97B-0FE91E155252}" = Skins
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A214451-2E9B-D3D3-47C6-A5721559CB4C}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{277D09B9-B42D-2AC2-C924-EDDFCF2107A3}" = Catalyst Control Center Core Implementation
"{286062BC-BDD5-9672-C020-136205720097}" = Catalyst Control Center Localization German
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA19C43-B671-8CEE-9354-4045F2CA7EB4}" = Catalyst Control Center Graphics Full Existing
"{2C1F489E-5720-996D-B4C1-EDC85CE1B65E}" = CCC Help Finnish
"{2CF047B3-E199-A69F-6D92-AADFBA7FF661}" = Catalyst Control Center Localization Chinese Traditional
"{2DFF2037-F943-84F0-BE0C-64D0CDD77E58}" = Catalyst Control Center Localization French
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{36CCF09A-3ABB-C137-4EFD-07E91590D001}" = Catalyst Control Center Localization Swedish
"{39140291-BEC7-7D17-B3AC-BA327051FA0B}" = ccc-core-static
"{3A146779-C87B-332C-EBBC-8579497D68BA}" = Catalyst Control Center Localization Greek
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{423C4F57-FABA-53C2-BD7C-2C5A2EFC50B4}" = Catalyst Control Center Localization Spanish
"{4254E189-9BDD-3319-C681-F60AF423A509}" = CCC Help Polish
"{431643EB-1687-CB60-C9C9-E9E60937E87E}" = Catalyst Control Center Graphics Previews Vista
"{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BBCED26-53AA-B0F9-753C-B7D7822F5B54}" = CCC Help Norwegian
"{4F99A59A-FA06-50CE-720F-983F59D14344}" = Catalyst Control Center Localization Thai
"{5533667F-DDBB-4264-A0AA-E546C2DF844C}" = Symbolbibliothek Haustechnik für AutoCAD
"{555A4211-DCF8-2A4B-8521-F077D1C72E52}" = Catalyst Control Center Localization Turkish
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-7009-0407-0002-0060B0CE6BBA}" = AutoCAD LT 2009 - Deutsch
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F68D4DF-0A31-4D57-AABD-0F2E6CF10C12}" = Network ScanGear Ver.2.2
"{61F260E7-05DE-9EBD-C5F0-4D8AF9FC16A3}" = CCC Help Chinese Traditional
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CFAF45A-F44B-4FCC-B7D8-727BF54685D6}" = Print2CAD 2012 OCR Demo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7C03DBF2-0F03-F9E8-3CBE-B07CB7F59318}" = CCC Help Greek
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{85C89C8C-4FD7-C7E2-97A7-847D947FFDDB}" = Catalyst Control Center Localization Chinese Standard
"{864A44F1-6AB7-5016-B275-DC2AC43D09E7}" = Catalyst Control Center Localization Portuguese
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8E279E44-FBBF-3C62-899C-E8D021697D52}" = ccc-utility
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93D15991-5890-47CF-85A6-83270CEC24D5}" = CALIFORNIA 3000 Arbeitsplatz Runtime
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96C48A0F-0368-554A-6833-F9B7D264B59F}" = CCC Help Italian
"{96C61636-0F21-403C-5348-AAE3C857BD72}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF5B5DE-6161-F211-2052-54BB67F32008}" = Catalyst Control Center Localization Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B075B92E-C60E-57C2-BDA4-A60E5FF71591}" = CCC Help Dutch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B420E03C-A7A8-7142-8BF1-D6798B98AC8A}" = CCC Help Korean
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BE63EA03-29BF-4E9D-73C9-095850F069C8}" = CCC Help Swedish
"{BFFDAD41-BAAB-5602-CD1A-EE1171D14D40}" = Catalyst Control Center Localization Hungarian
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3452F04-DA8E-2119-1925-D0E050A64186}" = ATI Catalyst Install Manager
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8CF9485-B188-A9B0-FEE3-3F423779F89C}" = Catalyst Control Center Localization Dutch
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CEA453C2-40E0-9B65-A90D-DA8611C29F32}" = CCC Help Hungarian
"{D17E2A02-5D61-C6F9-8D78-90FE1112C19A}" = CCC Help Spanish
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D53BAED6-CF1C-FF87-DE1A-D879D22EF67C}" = Catalyst Control Center Localization Czech
"{D5C388EB-9848-80F6-02F4-DBFED2DF02E8}" = CCC Help French
"{D7E3DAA3-78CB-A30F-FD58-94ED333AE524}" = CCC Help English
"{DE44BDEC-6005-6676-DBA4-FC314F53DD49}" = Catalyst Control Center Localization Norwegian
"{E05830A9-573F-8253-C280-921FF1474DA5}" = Catalyst Control Center Localization Russian
"{E0D6A886-A34F-7303-C485-91FA655E83D5}" = CCC Help Japanese
"{E53B1B0E-C8DA-4105-2C41-210571998AB6}" = Catalyst Control Center Localization Korean
"{E927B65C-A081-8B68-705C-932883697B80}" = Catalyst Control Center Localization Italian
"{EF70BC30-AEE6-5C73-DC7C-3C3B9A73D8FE}" = Catalyst Control Center Localization Polish
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37200BB-2C03-42D9-DBE3-C6240D53DF06}" = CCC Help Portuguese
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F57D72B6-7FBB-3C60-A19D-55C7B8042934}" = CCC Help Russian
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F7FE23D7-980C-6250-6873-4BD1660FE4CB}" = CCC Help Czech
"{F90E2693-78D9-7CCB-4617-2383A0A31CD2}" = CCC Help Danish
"{F917BAC3-BC13-E3A0-EE98-74D9DA33BAE6}" = CCC Help German
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AutoCAD LT 2009 - Deutsch" = AutoCAD LT 2009 - Deutsch
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESP1400_1410 Ben.handbuch" = ESP1400_1410 Ben.handbuch
"Google Chrome" = Google Chrome
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{5F68D4DF-0A31-4D57-AABD-0F2E6CF10C12}" = Network ScanGear Ver.2.2
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NVIDIA Drivers" = NVIDIA Drivers
"o2c Player" = o2c Player
"TeamViewer 4" = TeamViewer 4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.08.2012 06:02:55 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3012
Description =
Error - 30.08.2012 06:02:55 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3012
Description =
Error - 30.08.2012 06:02:55 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3011
Description =
Error - 30.08.2012 06:48:59 | Computer Name = Technoplan-PC | Source = EventSystem | ID = 4621
Description =
Error - 30.08.2012 06:50:19 | Computer Name = Technoplan-PC | Source = MSSQL$GW | ID = 8313
Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren.
SQL Server-Leistungsindikatoren sind deaktiviert.
Error - 30.08.2012 06:50:19 | Computer Name = Technoplan-PC | Source = MSSQL$GW | ID = 3409
Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für
Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz
neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen
Registrierungsberechtigungen verfügt.
Error - 30.08.2012 06:50:19 | Computer Name = Technoplan-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.08.2012 06:55:49 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3012
Description =
Error - 30.08.2012 06:55:49 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3012
Description =
Error - 30.08.2012 06:55:49 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3011
Description =
[ System Events ]
Error - 30.08.2012 02:22:13 | Computer Name = Technoplan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 30.08.2012 02:22:13 | Computer Name = Technoplan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 30.08.2012 02:22:13 | Computer Name = Technoplan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 30.08.2012 03:44:38 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 30.08.2012 04:10:10 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 30.08.2012 05:14:39 | Computer Name = Technoplan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.08.2012 um 11:12:50 unerwartet heruntergefahren.
Error - 30.08.2012 05:15:01 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 30.08.2012 05:28:41 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 30.08.2012 05:57:26 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 30.08.2012 06:50:29 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
Gmer.txt GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-30 14:01:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005a WDC_WD64 rev.01.0
Running: ldl2ovql.exe; Driver: C:\Users\TECHNO~1\AppData\Local\Temp\afdiypoc.sys
---- System - GMER 1.0.15 ----
SSDT 8BC18E76 ZwCreateSection
SSDT 8BC18E80 ZwRequestWaitReplyPort
SSDT 8BC18E7B ZwSetContextThread
SSDT 8BC18E85 ZwSetSecurityObject
SSDT 8BC18E8A ZwSystemDebugControl
SSDT 8BC18E17 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 826F88D8 4 Bytes [76, 8E, C1, 8B]
.text ntkrnlpa.exe!KeSetEvent + 539 826F8BFC 4 Bytes [80, 8E, C1, 8B]
.text ntkrnlpa.exe!KeSetEvent + 56D 826F8C30 4 Bytes [7B, 8E, C1, 8B]
.text ntkrnlpa.exe!KeSetEvent + 5D1 826F8C94 4 Bytes [85, 8E, C1, 8B]
.text ntkrnlpa.exe!KeSetEvent + 619 826F8CDC 4 Bytes [8A, 8E, C1, 8B]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F008000, 0x1F4234, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!CreateThread 75EBCB2E 5 Bytes JMP 6A9775E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!SetWindowsHookExW 763987AD 5 Bytes JMP 6A9B25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!CallNextHookEx 76398E3B 5 Bytes JMP 6A9D7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!UnhookWindowsHookEx 763998DB 5 Bytes JMP 6A9FECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!EnableWindow 7639CD8B 5 Bytes JMP 6A9B9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DefWindowProcA 7639DB88 7 Bytes JMP 6A97980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!CreateWindowExA 7639DC2A 5 Bytes JMP 6A983643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!CreateWindowExW 763A1305 5 Bytes JMP 6A9E03B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DefWindowProcW 763B03B4 7 Bytes JMP 6A9D8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxParamW 763C10B0 5 Bytes JMP 6A911893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxIndirectParamW 763C2EF5 5 Bytes JMP 6AB08EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxParamA 763D8152 5 Bytes JMP 6AB08E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxIndirectParamA 763D847D 5 Bytes JMP 6AB08F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxIndirectA 763ED4D9 5 Bytes JMP 6AB08E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxIndirectW 763ED5D3 5 Bytes JMP 6AB08D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxExA 763ED639 5 Bytes JMP 6AB08D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxExW 763ED65D 5 Bytes JMP 6AB08CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] ole32.dll!OleLoadFromStream 75FF1E80 5 Bytes JMP 6AB096B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!EnableWindow 7639CD8B 5 Bytes JMP 6A9B9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!DialogBoxParamW 763C10B0 5 Bytes JMP 6A911893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!DialogBoxIndirectParamW 763C2EF5 5 Bytes JMP 6AB08EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!DialogBoxParamA 763D8152 5 Bytes JMP 6AB08E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!DialogBoxIndirectParamA 763D847D 5 Bytes JMP 6AB08F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!MessageBoxIndirectA 763ED4D9 5 Bytes JMP 6AB08E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!MessageBoxIndirectW 763ED5D3 5 Bytes JMP 6AB08D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!MessageBoxExA 763ED639 5 Bytes JMP 6AB08D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!MessageBoxExW 763ED65D 5 Bytes JMP 6AB08CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4908] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7679B37C 4 Bytes [50, 26, 7D, 04]
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] kernel32.dll!CreateThread 75EBCB2E 5 Bytes JMP 6A9775E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!SetWindowsHookExW 763987AD 5 Bytes JMP 6A9B25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CallNextHookEx 76398E3B 5 Bytes JMP 6A9D7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!UnhookWindowsHookEx 763998DB 5 Bytes JMP 6A9FECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!EnableWindow 7639CD8B 5 Bytes JMP 6A9B9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DefWindowProcA 7639DB88 7 Bytes JMP 6A97980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CreateWindowExA 7639DC2A 5 Bytes JMP 6A983643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CreateWindowExW 763A1305 5 Bytes JMP 6A9E03B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DefWindowProcW 763B03B4 7 Bytes JMP 6A9D8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxParamW 763C10B0 5 Bytes JMP 6A911893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxIndirectParamW 763C2EF5 5 Bytes JMP 6AB08EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxParamA 763D8152 5 Bytes JMP 6AB08E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxIndirectParamA 763D847D 5 Bytes JMP 6AB08F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxIndirectA 763ED4D9 5 Bytes JMP 6AB08E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxIndirectW 763ED5D3 5 Bytes JMP 6AB08D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxExA 763ED639 5 Bytes JMP 6AB08D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxExW 763ED65D 5 Bytes JMP 6AB08CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] ole32.dll!OleLoadFromStream 75FF1E80 5 Bytes JMP 6AB096B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Geändert von christian2 (30.08.2012 um 13:10 Uhr) |
|
30.08.2012, 18:16
| #2 |
| /// Helfer-Team  | GUV Trojaner Bitte das Malwarebytes Logfile posten! (Reiter Logberichte) Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfusb.sys -- (Tosrfusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosporte.sys -- (tosporte)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{02CF09DD-7444-4794-B10F-4D1FB35C8BC5}: "URL" = http://go.web.de/tb/ie_ebay_sp/?su={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3F02C296-1A8E-47AC-AA5A-D09522C07C9E}: "URL" = http://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{53D15C7F-1907-4535-90D5-7D127D514EB7}: "URL" = http://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{63C2F400-10A0-4967-BF70-E4095256B4F7}: "URL" = http://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_deDE499
IE - HKCU\..\SearchScopes\{883EEDA1-02A9-4FC5-A548-23968B0A46B1}: "URL" = http://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{9C6D4C2F-6E94-41E6-A857-612C2EB6A070}: "URL" = http://go.web.de/tb2/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{B7FBE32F-9899-4926-821C-32774B4CAA2E}: "URL" = http://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKCU..\Run: [Ibfiere] C:\Users\Technoplan\AppData\Roaming\Cooh\xiil.exe File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\Shell - "" = AutoRun
O33 - MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2012.08.30 11:11:35 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad
@Alternate Data Stream - 714 bytes -> C:\Users\Technoplan\Documents\Dorndorf Gewerbepark.eml:OECustomProperty
[2012.08.28 15:19:03 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\UAs
[2012.08.28 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\xmldm
[2012.08.28 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\kock
[2012.08.28 12:11:30 | 000,000,016 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\blckdom.res
:Files
C:\Users\Technoplan\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Technoplan\AppData\Local\Temp\*.exe
C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
31.08.2012, 08:18
| #3 |
| | GUV Trojaner Danke für die Hilfe! Hier der Logfile.
__________________Error: Unable to interpret <OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.08.2012 09:09:39 - Run 2> in the current context! Error: Unable to interpret <OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Technoplan\Desktop> in the current context! Error: Unable to interpret <Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation> in the current context! Error: Unable to interpret <Internet Explorer (Version = 9.0.8112.16421)> in the current context! Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,39% Memory free> in the current context! Error: Unable to interpret <6,22 Gb Paging File | 4,67 Gb Available in Paging File | 75,06% Paging File free> in the current context! Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files> in the current context! Error: Unable to interpret <Drive C: | 293,33 Gb Total Space | 204,81 Gb Free Space | 69,82% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret <Drive D: | 293,08 Gb Total Space | 292,59 Gb Free Space | 99,83% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Computer Name: TECHNOPLAN-PC | User Name: Technoplan | Logged in as Administrator.> in the current context! Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user | Quick Scan> in the current context! Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <PRC - [2012.08.30 13:20:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe> in the current context! Error: Unable to interpret <PRC - [2012.08.09 08:12:46 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe> in the current context! Error: Unable to interpret <PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe> in the current context! Error: Unable to interpret <PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe> in the current context! Error: Unable to interpret <PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe> in the current context! Error: Unable to interpret <PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe> in the current context! Error: Unable to interpret <PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe> in the current context! Error: Unable to interpret <PRC - [2011.12.16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe> in the current context! Error: Unable to interpret <PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe> in the current context! Error: Unable to interpret <PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe> in the current context! Error: Unable to interpret <PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe> in the current context! Error: Unable to interpret <PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe> in the current context! Error: Unable to interpret <PRC - [2009.11.17 18:35:06 | 001,404,808 | ---- | M] (PixelPlanet GmbH) -- C:\Programme\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe> in the current context! Error: Unable to interpret <PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe> in the current context! Error: Unable to interpret <PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe> in the current context! Error: Unable to interpret <PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe> in the current context! Error: Unable to interpret <PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe> in the current context! Error: Unable to interpret <PRC - [2008.06.06 19:17:16 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe> in the current context! Error: Unable to interpret <PRC - [2008.03.26 15:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe> in the current context! Error: Unable to interpret <PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe> in the current context! Error: Unable to interpret <PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe> in the current context! Error: Unable to interpret <PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe> in the current context! Error: Unable to interpret <PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe> in the current context! Error: Unable to interpret <PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe> in the current context! Error: Unable to interpret <PRC - [2008.01.09 19:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe> in the current context! Error: Unable to interpret <PRC - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe> in the current context! Error: Unable to interpret <PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe> in the current context! Error: Unable to interpret <PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe> in the current context! Error: Unable to interpret <PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe> in the current context! Error: Unable to interpret <PRC - [2007.09.06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe> in the current context! Error: Unable to interpret <PRC - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <MOD - [2012.06.14 08:42:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.06.14 08:42:09 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.06.14 08:11:55 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.06.14 08:11:48 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 10:06:45 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 09:32:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 09:32:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 08:09:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 08:08:26 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 08:08:19 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll> in the current context! Error: Unable to interpret <MOD - [2011.03.21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll> in the current context! Error: Unable to interpret <MOD - [2009.10.05 18:01:56 | 000,512,000 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepprint.dll> in the current context! Error: Unable to interpret <MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll> in the current context! Error: Unable to interpret <MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2971.38833__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2971.38792__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2971.38846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2971.39030__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2971.38993__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2971.38825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2971.38812__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:34 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2971.39063__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2971.39002__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2971.39069__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2971.39009__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2971.38806__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2971.39001__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2971.39061__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2971.38955__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2971.38859__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2971.38947__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2971.38940__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2971.38813__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2971.39022__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2971.38852__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2971.38972__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2971.38865__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2971.38971__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2971.38986__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2939.23744__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2939.23747__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:18 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2971.39044_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2971.38819__90ba9c70f846762e\CLI.Component.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2971.39044__90ba9c70f846762e\CLI.Component.Systemtray.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2971.39053__90ba9c70f846762e\MOM.Implementation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2971.38784__90ba9c70f846762e\CLI.Component.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2971.39051__90ba9c70f846762e\LOG.Foundation.Implementation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2971.39081__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2971.39092__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2971.38783__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2971.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2971.38784__90ba9c70f846762e\ATIDEMOS.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2971.38782__90ba9c70f846762e\APM.Server.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2971.38783__90ba9c70f846762e\AEM.Server.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2971.39053__90ba9c70f846762e\CCC.Implementation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.03.05 00:38:16 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll> in the current context! Error: Unable to interpret <MOD - [2008.02.20 17:30:04 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll> in the current context! Error: Unable to interpret <MOD - [2008.02.20 00:08:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll> in the current context! Error: Unable to interpret <MOD - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe> in the current context! Error: Unable to interpret <MOD - [2008.01.09 19:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll> in the current context! Error: Unable to interpret <MOD - [2008.01.09 19:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:09:40 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:08:56 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 11:38:22 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 11:38:20 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 11:38:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 11:38:00 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 11:37:58 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 10:55:10 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 10:55:10 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll> in the current context! Error: Unable to interpret <MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Services (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)> in the current context! Error: Unable to interpret <SRV - [2012.08.28 08:29:45 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)> in the current context! Error: Unable to interpret <SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)> in the current context! Error: Unable to interpret <SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)> in the current context! Error: Unable to interpret <SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)> in the current context! Error: Unable to interpret <SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)> in the current context! Error: Unable to interpret <SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)> in the current context! Error: Unable to interpret <SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$GW)> in the current context! Error: Unable to interpret <SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)> in the current context! Error: Unable to interpret <SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)> in the current context! Error: Unable to interpret <SRV - [2009.10.05 18:04:12 | 000,172,032 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe -- (bepldr6PixelPlanetService)> in the current context! Error: Unable to interpret <SRV - [2009.02.17 14:06:23 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)> in the current context! Error: Unable to interpret <SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)> in the current context! Error: Unable to interpret <SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)> in the current context! Error: Unable to interpret <SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)> in the current context! Error: Unable to interpret <SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)> in the current context! Error: Unable to interpret <SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)> in the current context! Error: Unable to interpret <SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)> in the current context! Error: Unable to interpret <SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)> in the current context! Error: Unable to interpret <SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)> in the current context! Error: Unable to interpret <SRV - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01)> in the current context! Error: Unable to interpret <SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfusb.sys -- (Tosrfusb)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tosrfsnd.sys -- (TosRfSnd)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfnds.sys -- (tosrfnds)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Tosrfhid.sys -- (Tosrfhid)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\tosrfcom.sys -- (Tosrfcom)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfbnp.sys -- (tosrfbnp)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfbd.sys -- (tosrfbd)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosporte.sys -- (tosporte)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Toshidpt.sys -- (toshidpt)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)> in the current context! Error: Unable to interpret <DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)> in the current context! Error: Unable to interpret <DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)> in the current context! Error: Unable to interpret <DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)> in the current context! Error: Unable to interpret <DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)> in the current context! Error: Unable to interpret <DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)> in the current context! Error: Unable to interpret <DRV - [2008.06.07 12:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)> in the current context! Error: Unable to interpret <DRV - [2008.06.07 12:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)> in the current context! Error: Unable to interpret <DRV - [2008.04.28 11:02:42 | 000,042,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)> in the current context! Error: Unable to interpret <DRV - [2008.02.20 02:52:50 | 003,514,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)> in the current context! Error: Unable to interpret <DRV - [2007.12.21 17:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)> in the current context! Error: Unable to interpret <DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)> in the current context! Error: Unable to interpret <DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)> in the current context! Error: Unable to interpret <DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)> in the current context! Error: Unable to interpret <DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)> in the current context! Error: Unable to interpret <DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Internet Explorer ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com> in the current context! Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]> in the current context! Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/> in the current context! Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{02CF09DD-7444-4794-B10F-4D1FB35C8BC5}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{3F02C296-1A8E-47AC-AA5A-D09522C07C9E}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{53D15C7F-1907-4535-90D5-7D127D514EB7}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{63C2F400-10A0-4967-BF70-E4095256B4F7}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_deDE499> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{883EEDA1-02A9-4FC5-A548-23968B0A46B1}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{9C6D4C2F-6E94-41E6-A857-612C2EB6A070}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{B7FBE32F-9899-4926-821C-32774B4CAA2E}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer> in the current context! Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context! Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== FireFox ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@eleco.com/o2cplayer: C:\Program Files\Eleco\o2c Player\npO2CPlayer.DLL (ELECO Software GmbH)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Chrome ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <CHR - homepage: hxxp://www.google.com/> in the current context! Error: Unable to interpret <CHR - homepage: hxxp://www.google.com/> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts> in the current context! Error: Unable to interpret <O1 - Hosts: 127.0.0.1 localhost> in the current context! Error: Unable to interpret <O1 - Hosts: ::1 localhost> in the current context! Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context! Error: Unable to interpret <O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)> in the current context! Error: Unable to interpret <O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)> in the current context! Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)> in the current context! Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [eRecoveryService] File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE (SEIKO EPSON CORPORATION)> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [Ibfiere] C:\Users\Technoplan\AppData\Roaming\Cooh\xiil.exe File not found> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)> in the current context! Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found> in the current context! Error: Unable to interpret <O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found> in the current context! Error: Unable to interpret <O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)> in the current context! Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context! Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: DhcpNameServer = 192.168.0.254> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: NameServer = 192.168.0.254> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg> in the current context! Error: Unable to interpret <O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg> in the current context! Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context! Error: Unable to interpret <O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]> in the current context! Error: Unable to interpret <O33 - MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a> in the current context! Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context! Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context! Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)> in the current context! Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.08.30 13:20:01 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe> in the current context! Error: Unable to interpret <[2012.08.30 11:07:57 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Malwarebytes> in the current context! Error: Unable to interpret <[2012.08.30 11:07:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys> in the current context! Error: Unable to interpret <[2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware> in the current context! Error: Unable to interpret <[2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware> in the current context! Error: Unable to interpret <[2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes> in the current context! Error: Unable to interpret <[2012.08.28 15:19:03 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\UAs> in the current context! Error: Unable to interpret <[2012.08.28 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\xmldm> in the current context! Error: Unable to interpret <[2012.08.28 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\kock> in the current context! Error: Unable to interpret <[2012.08.28 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Google> in the current context! Error: Unable to interpret <[2012.08.28 08:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome> in the current context! Error: Unable to interpret <[2012.08.28 08:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Google> in the current context! Error: Unable to interpret <[2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Tauku> in the current context! Error: Unable to interpret <[2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Idowx> in the current context! Error: Unable to interpret <[2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Cooh> in the current context! Error: Unable to interpret <[2011.08.29 10:24:01 | 053,710,568 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Technoplan\ElsterFormular-12.3.2.6814p.exe> in the current context! Error: Unable to interpret <[1 C:\Users\Technoplan\AppData\Roaming\*.tmp files -> C:\Users\Technoplan\AppData\Roaming\*.tmp -> ]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.08.31 09:07:32 | 009,554,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat> in the current context! Error: Unable to interpret <[2012.08.31 09:07:32 | 003,312,610 | ---- | M] () -- C:\Windows\System32\perfh009.dat> in the current context! Error: Unable to interpret <[2012.08.31 09:07:32 | 002,998,806 | ---- | M] () -- C:\Windows\System32\perfc007.dat> in the current context! Error: Unable to interpret <[2012.08.31 09:07:32 | 002,678,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat> in the current context! Error: Unable to interpret <[2012.08.31 09:01:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job> in the current context! Error: Unable to interpret <[2012.08.31 09:01:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0> in the current context! Error: Unable to interpret <[2012.08.31 09:01:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0> in the current context! Error: Unable to interpret <[2012.08.31 09:01:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context! Error: Unable to interpret <[2012.08.31 09:00:40 | 3220,291,584 | -HS- | M] () -- C:\hiberfil.sys> in the current context! Error: Unable to interpret <[2012.08.31 08:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job> in the current context! Error: Unable to interpret <[2012.08.31 08:33:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job> in the current context! Error: Unable to interpret <[2012.08.30 13:38:26 | 000,302,592 | ---- | M] () -- C:\Users\Technoplan\Desktop\ldl2ovql.exe> in the current context! Error: Unable to interpret <[2012.08.30 13:20:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe> in the current context! Error: Unable to interpret <[2012.08.30 13:00:21 | 000,000,000 | ---- | M] () -- C:\Users\Technoplan\defogger_reenable> in the current context! Error: Unable to interpret <[2012.08.30 12:59:29 | 000,050,477 | ---- | M] () -- C:\Users\Technoplan\Desktop\Defogger.exe> in the current context! Error: Unable to interpret <[2012.08.30 11:11:35 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad> in the current context! Error: Unable to interpret <[2012.08.30 11:07:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk> in the current context! Error: Unable to interpret <[2012.08.30 09:42:28 | 000,000,016 | ---- | M] () -- C:\Users\Technoplan\AppData\Roaming\blckdom.res> in the current context! Error: Unable to interpret <[2012.08.28 08:35:48 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk> in the current context! Error: Unable to interpret <[2012.08.20 14:09:52 | 000,000,010 | ---- | M] () -- C:\Windows\SHISETUP.SYS> in the current context! Error: Unable to interpret <[2012.08.17 08:09:21 | 000,443,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT> in the current context! Error: Unable to interpret <[1 C:\Users\Technoplan\AppData\Roaming\*.tmp files -> C:\Users\Technoplan\AppData\Roaming\*.tmp -> ]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.08.30 13:38:25 | 000,302,592 | ---- | C] () -- C:\Users\Technoplan\Desktop\ldl2ovql.exe> in the current context! Error: Unable to interpret <[2012.08.30 13:00:21 | 000,000,000 | ---- | C] () -- C:\Users\Technoplan\defogger_reenable> in the current context! Error: Unable to interpret <[2012.08.30 12:59:29 | 000,050,477 | ---- | C] () -- C:\Users\Technoplan\Desktop\Defogger.exe> in the current context! Error: Unable to interpret <[2012.08.30 11:07:53 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk> in the current context! Error: Unable to interpret <[2012.08.30 09:41:41 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad> in the current context! Error: Unable to interpret <[2012.08.28 12:11:30 | 000,000,016 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\blckdom.res> in the current context! Error: Unable to interpret <[2012.08.28 08:31:27 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk> in the current context! Error: Unable to interpret <[2011.08.16 08:09:21 | 000,000,680 | ---- | C] () -- C:\Users\Technoplan\AppData\Local\d3d9caps.dat> in the current context! Error: Unable to interpret <[2011.04.07 10:16:58 | 000,000,010 | ---- | C] () -- C:\Windows\SHISETUP.SYS> in the current context! Error: Unable to interpret <[2010.10.26 09:23:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll> in the current context! Error: Unable to interpret <[2010.10.26 09:23:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin> in the current context! Error: Unable to interpret <[2010.10.20 16:25:20 | 000,101,770 | ---- | C] () -- C:\Users\Technoplan\2009.elfo> in the current context! Error: Unable to interpret <[2010.05.07 11:13:48 | 000,004,096 | -H-- | C] () -- C:\Users\Technoplan\AppData\Local\keyfile3.drm> in the current context! Error: Unable to interpret <[2009.02.19 17:35:06 | 000,006,355 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\Kommagetrennte Werte (Windows).EML> in the current context! Error: Unable to interpret <[2009.02.19 14:24:04 | 000,000,000 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\wklnhst.dat> in the current context! Error: Unable to interpret <[2009.02.18 17:00:27 | 000,018,944 | ---- | C] () -- C:\Users\Technoplan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== LOP Check ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.01.16 10:38:12 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\1&1 Mail & Media GmbH> in the current context! Error: Unable to interpret <[2008.03.21 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Acer GameZone Console> in the current context! Error: Unable to interpret <[2009.02.19 14:14:40 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Autodesk> in the current context! Error: Unable to interpret <[2012.08.16 08:07:21 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Cooh> in the current context! Error: Unable to interpret <[2012.01.20 09:48:56 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\elsterformular> in the current context! Error: Unable to interpret <[2012.08.14 14:18:28 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Idowx> in the current context! Error: Unable to interpret <[2011.11.24 09:40:30 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Iqbe> in the current context! Error: Unable to interpret <[2011.12.16 10:51:39 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\IrfanView> in the current context! Error: Unable to interpret <[2012.08.28 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\kock> in the current context! Error: Unable to interpret <[2009.03.09 10:08:33 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Mensch und Maschine> in the current context! Error: Unable to interpret <[2012.03.15 14:56:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\OpenOffice.org> in the current context! Error: Unable to interpret <[2009.12.11 10:04:09 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\PixelPlanet> in the current context! Error: Unable to interpret <[2012.08.15 15:52:21 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Tauku> in the current context! Error: Unable to interpret <[2009.02.27 09:35:04 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\TeamViewer> in the current context! Error: Unable to interpret <[2012.08.29 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\UAs> in the current context! Error: Unable to interpret <[2011.11.24 09:43:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Uhbeum> in the current context! Error: Unable to interpret <[2012.08.29 10:43:32 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\xmldm> in the current context! Error: Unable to interpret <[2010.11.25 10:00:25 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Zylom> in the current context! Error: Unable to interpret <[2012.08.31 08:59:42 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Purity Check ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Alternate Data Streams ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <@Alternate Data Stream - 714 bytes -> C:\Users\Technoplan\Documents\Dorndorf Gewerbepark.eml:OECustomProperty> in the current context! Error: Unable to interpret << End of report > > in the current context! OTL by OldTimer - Version 3.2.59.1 log created on 08312012_091516 |
|
31.08.2012, 18:50
| #4 |
| /// Helfer-Team | GUV Trojaner Falsch! Den Fix reinkopieren! Nochmal! |
|
03.09.2012, 08:48
| #5 |
| | GUV Trojaner Sorry hoffe jetzt stimmt's! Error: Unable to interpret <OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.09.2012 09:36:25 - Run 3> in the current context! Error: Unable to interpret <OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Technoplan\Desktop> in the current context! Error: Unable to interpret <Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation> in the current context! Error: Unable to interpret <Internet Explorer (Version = 9.0.8112.16421)> in the current context! Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <3,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 62,11% Memory free> in the current context! Error: Unable to interpret <6,22 Gb Paging File | 4,68 Gb Available in Paging File | 75,30% Paging File free> in the current context! Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files> in the current context! Error: Unable to interpret <Drive C: | 293,33 Gb Total Space | 204,51 Gb Free Space | 69,72% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret <Drive D: | 293,08 Gb Total Space | 292,59 Gb Free Space | 99,83% Space Free | Partition Type: NTFS> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <Computer Name: TECHNOPLAN-PC | User Name: Technoplan | Logged in as Administrator.> in the current context! Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user | Quick Scan> in the current context! Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <PRC - [2012.08.30 13:20:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe> in the current context! Error: Unable to interpret <PRC - [2012.08.09 08:12:46 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe> in the current context! Error: Unable to interpret <PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe> in the current context! Error: Unable to interpret <PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe> in the current context! Error: Unable to interpret <PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe> in the current context! Error: Unable to interpret <PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe> in the current context! Error: Unable to interpret <PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe> in the current context! Error: Unable to interpret <PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe> in the current context! Error: Unable to interpret <PRC - [2011.12.16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe> in the current context! Error: Unable to interpret <PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe> in the current context! Error: Unable to interpret <PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe> in the current context! Error: Unable to interpret <PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe> in the current context! Error: Unable to interpret <PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe> in the current context! Error: Unable to interpret <PRC - [2009.11.17 18:35:06 | 001,404,808 | ---- | M] (PixelPlanet GmbH) -- C:\Programme\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe> in the current context! Error: Unable to interpret <PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe> in the current context! Error: Unable to interpret <PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe> in the current context! Error: Unable to interpret <PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe> in the current context! Error: Unable to interpret <PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe> in the current context! Error: Unable to interpret <PRC - [2008.06.06 19:17:16 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe> in the current context! Error: Unable to interpret <PRC - [2008.03.26 15:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe> in the current context! Error: Unable to interpret <PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe> in the current context! Error: Unable to interpret <PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe> in the current context! Error: Unable to interpret <PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe> in the current context! Error: Unable to interpret <PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe> in the current context! Error: Unable to interpret <PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe> in the current context! Error: Unable to interpret <PRC - [2008.01.09 19:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe> in the current context! Error: Unable to interpret <PRC - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe> in the current context! Error: Unable to interpret <PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe> in the current context! Error: Unable to interpret <PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe> in the current context! Error: Unable to interpret <PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe> in the current context! Error: Unable to interpret <PRC - [2007.09.06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe> in the current context! Error: Unable to interpret <PRC - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <MOD - [2012.06.14 08:42:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.06.14 08:42:09 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.06.14 08:11:55 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.06.14 08:11:48 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 10:06:45 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 09:32:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 09:32:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 08:09:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 08:08:26 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll> in the current context! Error: Unable to interpret <MOD - [2012.05.14 08:08:19 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll> in the current context! Error: Unable to interpret <MOD - [2011.03.21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll> in the current context! Error: Unable to interpret <MOD - [2009.10.05 18:01:56 | 000,512,000 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepprint.dll> in the current context! Error: Unable to interpret <MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll> in the current context! Error: Unable to interpret <MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2971.38833__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2971.38792__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2971.38846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2971.39030__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2971.38993__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2971.38825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2971.38812__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:34 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2971.39063__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2971.39002__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2971.39069__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2971.39009__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2971.38806__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2971.39001__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2971.39061__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2971.38955__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2971.38859__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2971.38947__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2971.38940__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2971.38813__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2971.39022__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2971.38852__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2971.38972__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2971.38865__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2971.38971__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2971.38986__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2939.23744__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2939.23747__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:18 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2971.39044_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2971.38819__90ba9c70f846762e\CLI.Component.Wizard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2971.39044__90ba9c70f846762e\CLI.Component.Systemtray.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2971.39053__90ba9c70f846762e\MOM.Implementation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2971.38784__90ba9c70f846762e\CLI.Component.Runtime.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2971.39051__90ba9c70f846762e\LOG.Foundation.Implementation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2971.39081__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2971.39092__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:17 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2971.38783__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2971.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2971.38784__90ba9c70f846762e\ATIDEMOS.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2971.38782__90ba9c70f846762e\APM.Server.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2971.38783__90ba9c70f846762e\AEM.Server.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2971.39053__90ba9c70f846762e\CCC.Implementation.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll> in the current context! Error: Unable to interpret <MOD - [2008.09.29 18:49:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll> in the current context! Error: Unable to interpret <MOD - [2008.03.05 00:38:16 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll> in the current context! Error: Unable to interpret <MOD - [2008.02.20 17:30:04 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll> in the current context! Error: Unable to interpret <MOD - [2008.02.20 00:08:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll> in the current context! Error: Unable to interpret <MOD - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe> in the current context! Error: Unable to interpret <MOD - [2008.01.09 19:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll> in the current context! Error: Unable to interpret <MOD - [2008.01.09 19:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:09:40 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:08:56 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll> in the current context! Error: Unable to interpret <MOD - [2007.12.19 19:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 11:38:22 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 11:38:20 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 11:38:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 11:38:00 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 11:37:58 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 10:55:10 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll> in the current context! Error: Unable to interpret <MOD - [2007.10.17 10:55:10 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll> in the current context! Error: Unable to interpret <MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll> in the current context! Error: Unable to interpret <MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Services (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)> in the current context! Error: Unable to interpret <SRV - [2012.08.28 08:29:45 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)> in the current context! Error: Unable to interpret <SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)> in the current context! Error: Unable to interpret <SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)> in the current context! Error: Unable to interpret <SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)> in the current context! Error: Unable to interpret <SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)> in the current context! Error: Unable to interpret <SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)> in the current context! Error: Unable to interpret <SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$GW)> in the current context! Error: Unable to interpret <SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)> in the current context! Error: Unable to interpret <SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)> in the current context! Error: Unable to interpret <SRV - [2009.10.05 18:04:12 | 000,172,032 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe -- (bepldr6PixelPlanetService)> in the current context! Error: Unable to interpret <SRV - [2009.02.17 14:06:23 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)> in the current context! Error: Unable to interpret <SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)> in the current context! Error: Unable to interpret <SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)> in the current context! Error: Unable to interpret <SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)> in the current context! Error: Unable to interpret <SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)> in the current context! Error: Unable to interpret <SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)> in the current context! Error: Unable to interpret <SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)> in the current context! Error: Unable to interpret <SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)> in the current context! Error: Unable to interpret <SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)> in the current context! Error: Unable to interpret <SRV - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01)> in the current context! Error: Unable to interpret <SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfusb.sys -- (Tosrfusb)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tosrfsnd.sys -- (TosRfSnd)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfnds.sys -- (tosrfnds)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Tosrfhid.sys -- (Tosrfhid)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\tosrfcom.sys -- (Tosrfcom)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfbnp.sys -- (tosrfbnp)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfbd.sys -- (tosrfbd)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosporte.sys -- (tosporte)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Toshidpt.sys -- (toshidpt)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)> in the current context! Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)> in the current context! Error: Unable to interpret <DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)> in the current context! Error: Unable to interpret <DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)> in the current context! Error: Unable to interpret <DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)> in the current context! Error: Unable to interpret <DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)> in the current context! Error: Unable to interpret <DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)> in the current context! Error: Unable to interpret <DRV - [2008.06.07 12:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)> in the current context! Error: Unable to interpret <DRV - [2008.06.07 12:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)> in the current context! Error: Unable to interpret <DRV - [2008.04.28 11:02:42 | 000,042,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)> in the current context! Error: Unable to interpret <DRV - [2008.02.20 02:52:50 | 003,514,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)> in the current context! Error: Unable to interpret <DRV - [2007.12.21 17:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)> in the current context! Error: Unable to interpret <DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)> in the current context! Error: Unable to interpret <DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)> in the current context! Error: Unable to interpret <DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)> in the current context! Error: Unable to interpret <DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)> in the current context! Error: Unable to interpret <DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Internet Explorer ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com> in the current context! Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]> in the current context! Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/> in the current context! Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{02CF09DD-7444-4794-B10F-4D1FB35C8BC5}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{3F02C296-1A8E-47AC-AA5A-D09522C07C9E}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{53D15C7F-1907-4535-90D5-7D127D514EB7}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{63C2F400-10A0-4967-BF70-E4095256B4F7}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_deDE499> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{883EEDA1-02A9-4FC5-A548-23968B0A46B1}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{9C6D4C2F-6E94-41E6-A857-612C2EB6A070}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{B7FBE32F-9899-4926-821C-32774B4CAA2E}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}> in the current context! Error: Unable to interpret <IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer> in the current context! Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context! Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== FireFox ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@eleco.com/o2cplayer: C:\Program Files\Eleco\o2c Player\npO2CPlayer.DLL (ELECO Software GmbH)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Chrome ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <CHR - homepage: hxxp://www.google.com/> in the current context! Error: Unable to interpret <CHR - homepage: hxxp://www.google.com/> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts> in the current context! Error: Unable to interpret <O1 - Hosts: 127.0.0.1 localhost> in the current context! Error: Unable to interpret <O1 - Hosts: ::1 localhost> in the current context! Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context! Error: Unable to interpret <O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)> in the current context! Error: Unable to interpret <O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)> in the current context! Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)> in the current context! Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [eRecoveryService] File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE (SEIKO EPSON CORPORATION)> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [Ibfiere] C:\Users\Technoplan\AppData\Roaming\Cooh\xiil.exe File not found> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)> in the current context! Error: Unable to interpret <O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)> in the current context! Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found> in the current context! Error: Unable to interpret <O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found> in the current context! Error: Unable to interpret <O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)> in the current context! Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)> in the current context! Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context! Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: DhcpNameServer = 192.168.0.254> in the current context! Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: NameServer = 192.168.0.254> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)> in the current context! Error: Unable to interpret <O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg> in the current context! Error: Unable to interpret <O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg> in the current context! Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context! Error: Unable to interpret <O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]> in the current context! Error: Unable to interpret <O33 - MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\Shell - "" = AutoRun> in the current context! Error: Unable to interpret <O33 - MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a> in the current context! Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context! Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context! Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context! Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)> in the current context! Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.09.03 09:22:01 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\Desktop\Neuer Ordner> in the current context! Error: Unable to interpret <[2012.08.31 09:15:16 | 000,000,000 | ---D | C] -- C:\_OTL> in the current context! Error: Unable to interpret <[2012.08.30 13:20:01 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe> in the current context! Error: Unable to interpret <[2012.08.30 11:07:57 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Malwarebytes> in the current context! Error: Unable to interpret <[2012.08.30 11:07:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys> in the current context! Error: Unable to interpret <[2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware> in the current context! Error: Unable to interpret <[2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware> in the current context! Error: Unable to interpret <[2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes> in the current context! Error: Unable to interpret <[2012.08.28 15:19:03 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\UAs> in the current context! Error: Unable to interpret <[2012.08.28 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\xmldm> in the current context! Error: Unable to interpret <[2012.08.28 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\kock> in the current context! Error: Unable to interpret <[2012.08.28 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Google> in the current context! Error: Unable to interpret <[2012.08.28 08:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome> in the current context! Error: Unable to interpret <[2012.08.28 08:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Google> in the current context! Error: Unable to interpret <[2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Tauku> in the current context! Error: Unable to interpret <[2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Idowx> in the current context! Error: Unable to interpret <[2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Cooh> in the current context! Error: Unable to interpret <[2011.08.29 10:24:01 | 053,710,568 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Technoplan\ElsterFormular-12.3.2.6814p.exe> in the current context! Error: Unable to interpret <[1 C:\Users\Technoplan\AppData\Roaming\*.tmp files -> C:\Users\Technoplan\AppData\Roaming\*.tmp -> ]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.09.03 09:33:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job> in the current context! Error: Unable to interpret <[2012.09.03 09:33:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job> in the current context! Error: Unable to interpret <[2012.09.03 08:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job> in the current context! Error: Unable to interpret <[2012.09.03 08:10:38 | 009,585,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat> in the current context! Error: Unable to interpret <[2012.09.03 08:10:38 | 003,322,338 | ---- | M] () -- C:\Windows\System32\perfh009.dat> in the current context! Error: Unable to interpret <[2012.09.03 08:10:38 | 002,687,638 | ---- | M] () -- C:\Windows\System32\perfc009.dat> in the current context! Error: Unable to interpret <[2012.09.03 08:10:37 | 003,008,998 | ---- | M] () -- C:\Windows\System32\perfc007.dat> in the current context! Error: Unable to interpret <[2012.09.03 08:04:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0> in the current context! Error: Unable to interpret <[2012.09.03 08:04:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0> in the current context! Error: Unable to interpret <[2012.09.03 08:04:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context! Error: Unable to interpret <[2012.09.03 08:04:17 | 3220,410,368 | -HS- | M] () -- C:\hiberfil.sys> in the current context! Error: Unable to interpret <[2012.08.30 13:38:26 | 000,302,592 | ---- | M] () -- C:\Users\Technoplan\Desktop\ldl2ovql.exe> in the current context! Error: Unable to interpret <[2012.08.30 13:20:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe> in the current context! Error: Unable to interpret <[2012.08.30 13:00:21 | 000,000,000 | ---- | M] () -- C:\Users\Technoplan\defogger_reenable> in the current context! Error: Unable to interpret <[2012.08.30 12:59:29 | 000,050,477 | ---- | M] () -- C:\Users\Technoplan\Desktop\Defogger.exe> in the current context! Error: Unable to interpret <[2012.08.30 11:11:35 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad> in the current context! Error: Unable to interpret <[2012.08.30 11:07:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk> in the current context! Error: Unable to interpret <[2012.08.30 09:42:28 | 000,000,016 | ---- | M] () -- C:\Users\Technoplan\AppData\Roaming\blckdom.res> in the current context! Error: Unable to interpret <[2012.08.28 08:35:48 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk> in the current context! Error: Unable to interpret <[2012.08.20 14:09:52 | 000,000,010 | ---- | M] () -- C:\Windows\SHISETUP.SYS> in the current context! Error: Unable to interpret <[2012.08.17 08:09:21 | 000,443,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT> in the current context! Error: Unable to interpret <[1 C:\Users\Technoplan\AppData\Roaming\*.tmp files -> C:\Users\Technoplan\AppData\Roaming\*.tmp -> ]> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.08.30 13:38:25 | 000,302,592 | ---- | C] () -- C:\Users\Technoplan\Desktop\ldl2ovql.exe> in the current context! Error: Unable to interpret <[2012.08.30 13:00:21 | 000,000,000 | ---- | C] () -- C:\Users\Technoplan\defogger_reenable> in the current context! Error: Unable to interpret <[2012.08.30 12:59:29 | 000,050,477 | ---- | C] () -- C:\Users\Technoplan\Desktop\Defogger.exe> in the current context! Error: Unable to interpret <[2012.08.30 11:07:53 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk> in the current context! Error: Unable to interpret <[2012.08.30 09:41:41 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad> in the current context! Error: Unable to interpret <[2012.08.28 12:11:30 | 000,000,016 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\blckdom.res> in the current context! Error: Unable to interpret <[2012.08.28 08:31:27 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk> in the current context! Error: Unable to interpret <[2011.08.16 08:09:21 | 000,000,680 | ---- | C] () -- C:\Users\Technoplan\AppData\Local\d3d9caps.dat> in the current context! Error: Unable to interpret <[2011.04.07 10:16:58 | 000,000,010 | ---- | C] () -- C:\Windows\SHISETUP.SYS> in the current context! Error: Unable to interpret <[2010.10.26 09:23:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll> in the current context! Error: Unable to interpret <[2010.10.26 09:23:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin> in the current context! Error: Unable to interpret <[2010.10.20 16:25:20 | 000,101,770 | ---- | C] () -- C:\Users\Technoplan\2009.elfo> in the current context! Error: Unable to interpret <[2010.05.07 11:13:48 | 000,004,096 | -H-- | C] () -- C:\Users\Technoplan\AppData\Local\keyfile3.drm> in the current context! Error: Unable to interpret <[2009.02.19 17:35:06 | 000,006,355 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\Kommagetrennte Werte (Windows).EML> in the current context! Error: Unable to interpret <[2009.02.19 14:24:04 | 000,000,000 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\wklnhst.dat> in the current context! Error: Unable to interpret <[2009.02.18 17:00:27 | 000,018,944 | ---- | C] () -- C:\Users\Technoplan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== LOP Check ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <[2012.01.16 10:38:12 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\1&1 Mail & Media GmbH> in the current context! Error: Unable to interpret <[2008.03.21 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Acer GameZone Console> in the current context! Error: Unable to interpret <[2009.02.19 14:14:40 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Autodesk> in the current context! Error: Unable to interpret <[2012.08.16 08:07:21 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Cooh> in the current context! Error: Unable to interpret <[2012.01.20 09:48:56 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\elsterformular> in the current context! Error: Unable to interpret <[2012.08.14 14:18:28 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Idowx> in the current context! Error: Unable to interpret <[2011.11.24 09:40:30 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Iqbe> in the current context! Error: Unable to interpret <[2011.12.16 10:51:39 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\IrfanView> in the current context! Error: Unable to interpret <[2012.08.28 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\kock> in the current context! Error: Unable to interpret <[2009.03.09 10:08:33 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Mensch und Maschine> in the current context! Error: Unable to interpret <[2012.03.15 14:56:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\OpenOffice.org> in the current context! Error: Unable to interpret <[2009.12.11 10:04:09 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\PixelPlanet> in the current context! Error: Unable to interpret <[2012.08.15 15:52:21 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Tauku> in the current context! Error: Unable to interpret <[2009.02.27 09:35:04 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\TeamViewer> in the current context! Error: Unable to interpret <[2012.08.29 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\UAs> in the current context! Error: Unable to interpret <[2011.11.24 09:43:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Uhbeum> in the current context! Error: Unable to interpret <[2012.08.29 10:43:32 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\xmldm> in the current context! Error: Unable to interpret <[2010.11.25 10:00:25 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Zylom> in the current context! Error: Unable to interpret <[2012.08.31 12:57:44 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Purity Check ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <========== Alternate Data Streams ==========> in the current context! Error: Unable to interpret < > in the current context! Error: Unable to interpret <@Alternate Data Stream - 714 bytes -> C:\Users\Technoplan\Documents\Dorndorf Gewerbepark.eml:OECustomProperty> in the current context! Error: Unable to interpret << End of report > > in the current context! OTL by OldTimer - Version 3.2.59.1 log created on 09032012_094415 Grüße und Danke |
|
03.09.2012, 20:16
| #6 |
| /// Helfer-Team | GUV Trojaner Du hast wieder das Log statt des Fix reinkopiert.
__________________ --> GUV Trojaner |
|
04.09.2012, 07:53
| #7 |
| | GUV Trojaner Hoffe dieses mal ist es richtig, er hat mal einen neustart gemacht. All processes killed ========== OTL ========== Service Tosrfusb stopped successfully! Service Tosrfusb deleted successfully! File System32\Drivers\tosrfusb.sys not found. Service TosRfSnd stopped successfully! Service TosRfSnd deleted successfully! File system32\drivers\tosrfsnd.sys not found. Service tosrfnds stopped successfully! Service tosrfnds deleted successfully! File system32\DRIVERS\tosrfnds.sys not found. Service Tosrfhid stopped successfully! Service Tosrfhid deleted successfully! File system32\DRIVERS\Tosrfhid.sys not found. Service Tosrfcom stopped successfully! Service Tosrfcom deleted successfully! File System32\Drivers\tosrfcom.sys not found. Service tosrfbnp stopped successfully! Service tosrfbnp deleted successfully! File System32\Drivers\tosrfbnp.sys not found. Service tosrfbd stopped successfully! Service tosrfbd deleted successfully! File system32\DRIVERS\tosrfbd.sys not found. Service tosporte stopped successfully! Service tosporte deleted successfully! File system32\DRIVERS\tosporte.sys not found. Service toshidpt stopped successfully! Service toshidpt deleted successfully! File system32\drivers\Toshidpt.sys not found. Service NwlnkFwd stopped successfully! Service NwlnkFwd deleted successfully! File system32\DRIVERS\nwlnkfwd.sys not found. Service NwlnkFlt stopped successfully! Service NwlnkFlt deleted successfully! File system32\DRIVERS\nwlnkflt.sys not found. Service IpInIp stopped successfully! Service IpInIp deleted successfully! File system32\DRIVERS\ipinip.sys not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{02CF09DD-7444-4794-B10F-4D1FB35C8BC5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02CF09DD-7444-4794-B10F-4D1FB35C8BC5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3F02C296-1A8E-47AC-AA5A-D09522C07C9E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F02C296-1A8E-47AC-AA5A-D09522C07C9E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53D15C7F-1907-4535-90D5-7D127D514EB7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53D15C7F-1907-4535-90D5-7D127D514EB7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{63C2F400-10A0-4967-BF70-E4095256B4F7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63C2F400-10A0-4967-BF70-E4095256B4F7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{883EEDA1-02A9-4FC5-A548-23968B0A46B1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{883EEDA1-02A9-4FC5-A548-23968B0A46B1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C6D4C2F-6E94-41E6-A857-612C2EB6A070}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C6D4C2F-6E94-41E6-A857-612C2EB6A070}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FBE32F-9899-4926-821C-32774B4CAA2E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FBE32F-9899-4926-821C-32774B4CAA2E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ deleted successfully. C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Apanel deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully. C:\Programme\Ask.com\Updater\Updater.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ibfiere deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\ not found. File G:\LaunchU3.exe -a not found. C:\ProgramData\0tbpw.pad moved successfully. ADS C:\Users\Technoplan\Documents\Dorndorf Gewerbepark.eml:OECustomProperty deleted successfully. C:\Users\Technoplan\AppData\Roaming\UAs folder moved successfully. C:\Users\Technoplan\AppData\Roaming\xmldm folder moved successfully. C:\Users\Technoplan\AppData\Roaming\kock folder moved successfully. C:\Users\Technoplan\AppData\Roaming\blckdom.res moved successfully. ========== FILES ========== File\Folder C:\Users\Technoplan\AppData\Local\{*} not found. File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. C:\Users\Technoplan\AppData\Local\Temp\GWCaspol.exe moved successfully. C:\Users\Technoplan\AppData\Local\Temp\_isCF31.exe moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Technoplan\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\Technoplan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. File/Folder C:\Windows\System32\*.tmp not found. File/Folder C:\Windows\SysWOW64\*.tmp not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Technoplan\Desktop\cmd.bat deleted successfully. C:\Users\Technoplan\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Technoplan ->Temp folder emptied: 3716700 bytes ->Temporary Internet Files folder emptied: 231165265 bytes ->Google Chrome cache emptied: 17936373 bytes ->Flash cache emptied: 1432 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 418929306 bytes RecycleBin emptied: 14637032 bytes Total Files Cleaned = 655,00 mb OTL by OldTimer - Version 3.2.59.1 log created on 09042012_083900 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot. File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Danke für die Hilfe!  |
|
04.09.2012, 18:19
| #8 |
| /// Helfer-Team | GUV Trojaner Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
05.09.2012, 09:02
| #9 |
| | GUV Trojaner Hallo t`john, ich hab Malwarebytes drüberlaufen lassen, hat nichts gefunden. Allerdings wird der AdwCleaner Download von windows geblockt.  PC läuft soweit! Die ganzen Programme löschen ja keine von mir gespeicherten Dateien? Hier noch der Log von Malwarebytes: Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.05.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Technoplan :: TECHNOPLAN-PC [Administrator] Schutz: Aktiviert 05.09.2012 08:28:46 mbam-log-2012-09-05 (08-28-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|H:\|I:\|O:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 338252 Laufzeit: 57 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Danke für deine Hilfe Grüße Christian  |
|
06.09.2012, 00:35
| #10 | ||
| /// Helfer-Team | GUV TrojanerZitat:
Zitat:
D.h.: natuerlich nicht! |
|
06.09.2012, 09:47
| #11 |
| | GUV Trojaner OK  Hier den Text vom AdwCleaner # AdwCleaner v2.000 - Datei am 09/06/2012 um 10:42:50 erstellt # Aktualisiert am 30/08/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Technoplan - TECHNOPLAN-PC # Normaler Modus : Normal # Ausgeführt unter : C:\Users\Technoplan\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files\Ask.com Ordner Gefunden : C:\Users\Technoplan\AppData\Local\AskToolbar Ordner Gefunden : C:\Users\Technoplan\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\APN Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gefunden : HKCU\Software\Ask.com Schlüssel Gefunden : HKCU\Software\Ask.com.tmp Schlüssel Gefunden : HKCU\Software\AskToolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\Software\APN Schlüssel Gefunden : HKLM\Software\AskToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Technoplan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [3477 octets] - [06/09/2012 10:42:50] ########## EOF - C:\AdwCleaner[R1].txt - [3537 octets] ########## Grüße Christian  |
|
06.09.2012, 18:35
| #12 |
| /// Helfer-Team | GUV Trojaner Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
07.09.2012, 07:24
| #13 |
| | GUV Trojaner Ok hier schon mal den Text:  # AdwCleaner v2.000 - Datei am 09/07/2012 um 08:18:14 erstellt # Aktualisiert am 30/08/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Technoplan - TECHNOPLAN-PC # Normaler Modus : Normal # Ausgeführt unter : C:\Users\Technoplan\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\Ask.com Ordner Gelöscht : C:\Users\Technoplan\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\Technoplan\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Technoplan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [3606 octets] - [06/09/2012 10:42:50] AdwCleaner[S1].txt - [3614 octets] - [07/09/2012 08:18:14] ########## EOF - C:\AdwCleaner[S1].txt - [3674 octets] ########## Hallo nochmal, Emsisoft Anti-Maleware sagt ich hätte die Testversion schon genutzt, was auf gar keinen Fall sein kann. Denkst du ich kann den PC evtl. so lassen wie er ist? Gruß und Danke Christian |
|
07.09.2012, 15:20
| #14 |
| /// Helfer-Team | GUV Trojaner Nein, der Rechner kann so nicht bleiben. Schaue in der Anleitung nach dem kostenlosen Scan. |
|
11.09.2012, 12:08
| #15 |
| | GUV Trojaner Sorry Fail von mir, hab den kostenlosen Scan gefunden. Hier das Logfile von Emsisoft: Emsisoft Anti-Malware - Version 6.6 Letztes Update: 11.09.2012 12:09:39 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ Archiv Scan: An ADS Scan: An Scan Beginn: 11.09.2012 12:17:10 c:\users\technoplan\appdata\roaming\microsoft\windows\recent\kg.lnk gefunden: Trace.File.keyboardguardian!E1 C:\Users\Technoplan\AppData\Local\Temp\WinRARSDM.exe gefunden: Adware.Win32.SweetIM.AMN!E1 C:\$RECYCLE.BIN\S-1-5-21-923770033-2654947890-2156885174-1000\$RT84DER.exe gefunden: Adware.Win32.SweetIM.AMN!E1 Gescannt 627017 Gefunden 3 Scan Ende: 11.09.2012 13:03:18 Scan Zeit: 0:46:08 merci und Grüße |
|
| Themen zu GUV Trojaner |
| 7-zip, anti-malware, ausgeführt, avira searchfree toolbar, branding, canon, defogger, eurer, gefunde, google earth, guv trojaner, gvu-trojaner, install.exe, malwarebytes, malwarebytes anti-malware, nichts, plug-in, programm, quarantäne, quick, runtergeladen, sache, sachen, safer networking, scan, schonmal, seite, troja, trojane, trojaner, versuch, weiteren |
Linear-Darstellung
