
Pests of all kinds and how to combat them: Analyzing OTL files

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

15.06.2012, 16:46   #1
cooky79

Analyzing OTL files



Hi everyone,

unfortunately I am also one of those affected by the encryption trojan.

I have managed to get the trojan off for the most part with the usual tools, but I am stuck when it comes to analyzing the OTL log.

I still get an error message at startup, an error loading tpl_0_c.exe, which points to the trojan.

I would appreciate help with the analysis and with the cleanup script.

Many thanks in advance.

Kind regards

Cooky

PS: Unfortunately the OTL log does not fit as an attachment, so I am appending it below.

Quote:
OTL logfile created on: 15.06.2012 12:02:19 - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = G:\
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 67,91% Memory free
5,50 Gb Paging File | 4,45 Gb Available in Paging File | 80,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,45 Gb Total Space | 7,50 Gb Free Space | 12,83% Space Free | Partition Type: NTFS
Drive D: | 58,50 Gb Total Space | 32,89 Gb Free Space | 56,23% Space Free | Partition Type: NTFS
Drive G: | 15,04 Gb Total Space | 3,23 Gb Free Space | 21,47% Space Free | Partition Type: FAT32

Computer Name: ACER-VERITON | User Name: Hofreiter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.21 12:54:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011.09.02 02:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011.07.22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GregHSRW.exe
PRC - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.07.27 19:42:10 | 000,656,696 | ---- | M] (Wave Systems Corp.) -- C:\Programme\Wave Systems Corp\SecureUpgrade.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.18 10:04:36 | 000,772,096 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.05.13 04:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer SmartBoot\ASLSvc.exe
PRC - [2009.05.13 04:05:32 | 000,376,832 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer SmartBoot\ASLTray.exe
PRC - [2009.04.17 23:17:30 | 000,434,176 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSaver\PowerSaverTray.exe
PRC - [2009.04.15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009.02.18 02:01:04 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2009.02.17 23:03:26 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2008.03.18 03:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.22 19:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2006.04.18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2005.09.13 03:02:42 | 000,028,672 | R--- | M] (Mindjet) -- C:\Programme\Mindjet\MindManager 6\MmReminderService.exe
PRC - [2004.09.05 18:20:18 | 000,380,928 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.14 03:27:54 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012.06.14 03:27:26 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:27:19 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012.05.10 07:43:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 07:43:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
MOD - [2012.05.10 07:42:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.10 07:42:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.10 07:42:50 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.10 07:42:42 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.09.25 19:34:30 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3428.38736__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010.09.25 19:34:30 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3428.38810__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.09.25 19:34:30 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3428.38778__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.09.25 19:34:30 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3428.38718__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:30 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3428.38737__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.09.25 19:34:30 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3428.38810__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.09.25 19:34:30 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3428.38778__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.09.25 19:34:30 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3428.38791__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:30 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3428.38726__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.09.25 19:34:30 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3428.38773__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:30 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3428.38777__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3428.38809__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3428.38732__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.09.25 19:34:30 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3428.38760__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3428.38726__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:29 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3428.38762__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.09.25 19:34:29 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3428.38727__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010.09.25 19:34:29 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3428.38738__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.09.25 19:34:29 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3428.38757__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.09.25 19:34:29 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3428.38761__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.09.25 19:34:29 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3428.38786__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.09.25 19:34:29 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3428.38737__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.09.25 19:34:29 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3428.38771__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.09.25 19:34:29 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3428.38762__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:29 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3428.38761__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3428.38741__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3428.38761__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3428.38771__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3428.38772__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.09.25 19:34:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.09.25 19:34:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.09.25 19:34:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.09.25 19:34:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.09.25 19:34:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.09.25 19:34:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.09.25 19:34:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.09.25 19:34:29 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.09.25 19:34:28 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.09.25 19:34:28 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.09.25 19:34:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3428.38818__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.09.25 19:34:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.09.25 19:34:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.09.25 19:34:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.09.25 19:34:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010.09.25 19:34:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.09.25 19:34:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.09.25 19:34:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2010.09.25 19:34:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.09.25 19:34:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.09.25 19:34:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.09.25 19:34:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.09.25 19:34:28 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010.09.25 19:34:28 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010.09.25 19:34:28 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3428.38714__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.09.25 19:34:27 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3428.38722__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.09.25 19:34:27 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3428.38731__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.09.25 19:34:27 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3428.38805__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.09.25 19:34:27 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3428.38716__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.09.25 19:34:27 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3428.38716__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010.09.25 19:34:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3428.38803__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.09.25 19:34:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3428.38715__90ba9c70f846762e\APM.Server.dll
MOD - [2010.09.25 19:34:27 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3428.38717__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.09.25 19:34:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.09.25 19:34:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3428.38714__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.09.25 19:34:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.09.25 19:34:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.09.25 19:34:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.09.25 19:34:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.09.25 19:34:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3428.38804__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.09.25 19:34:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.09.25 19:34:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.09.25 19:34:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.09.25 19:34:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.09.25 19:34:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.09.16 05:30:52 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.09.16 05:30:48 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.03 18:07:50 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2007.12.06 15:59:56 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2004.09.05 18:20:38 | 000,008,192 | ---- | M] () -- C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\fm30xmf.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.05.06 08:38:23 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.10 02:19:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Programme\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010.09.23 01:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.28 10:22:00 | 000,364,544 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.03 12:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009.05.13 04:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009.02.18 02:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2009.02.17 23:03:26 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.01.22 19:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006.04.18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.09.16 05:25:38 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.09.16 05:25:38 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.09.16 05:25:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.09.16 05:25:38 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.08.25 15:45:28 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010.08.25 15:45:28 | 000,037,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010.08.25 14:45:28 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.06.11 07:18:30 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.05.22 10:52:36 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.02.05 23:33:16 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2009.02.05 23:33:14 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2008.03.12 01:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eLock2burnerlockdriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008.03.12 00:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=veriton_m221&r=170501113706pe4f5u2i5z4731520r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=veriton_m221&r=170501113706pe4f5u2i5z4731520r
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=veriton_m221&r=170501113706pe4f5u2i5z4731520r
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\..\SearchScopes\{86D9728A-EF5B-48AC-A256-2601CE96C88C}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hofreiter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Hofreiter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1643631221-786068987-2124353112-1003\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer PowerSaver] C:\Programme\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Programme\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AutoLockProcess] C:\Programme\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [EmbassySecurityCheck] ";C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" File not found
O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [pdfSaver3] File not found
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WavXMgr] "C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" File not found
O4 - HKU\S-1-5-21-1643631221-786068987-2124353112-1003..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1643631221-786068987-2124353112-1003..\Run: [pdfSaver3] C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
O4 - HKU\S-1-5-21-1643631221-786068987-2124353112-1003..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hofreiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62201A58-1D59-4966-9E06-DF569C42C2C6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b06eefcb-754b-11e0-be14-d02788107a89}\Shell - "" = AutoRun
O33 - MountPoints2\{b06eefcb-754b-11e0-be14-d02788107a89}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f96f0a7b-ef18-11e0-8f5f-d02788107a89}\Shell - "" = AutoRun
O33 - MountPoints2\{f96f0a7b-ef18-11e0-8f5f-d02788107a89}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.06.14 18:50:11 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Roaming\Malwarebytes
[2012.06.14 18:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.14 18:49:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.14 18:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.14 14:30:14 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{1C96A049-D045-400A-BBF0-4EA955871F5D}
[2012.06.14 14:29:50 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{B002406C-13B3-41FF-85E7-7EAD93DF4A04}
[2012.06.14 14:19:13 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{9DA3E652-205A-44B1-BB99-51FFCCDA6F64}
[2012.06.14 14:18:49 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{8390AF9B-DBCA-4D1E-B665-6FF79DECC8D1}
[2012.06.14 08:25:45 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.06.14 07:46:56 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{E3D5A637-27F8-4440-801A-321E7A7A9B9A}
[2012.06.14 07:46:42 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{1558321B-95BA-45FA-B50E-AE38599B9747}
[2012.06.14 03:02:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.14 03:02:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.14 03:02:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.14 03:02:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.14 03:02:03 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.14 03:02:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.14 03:02:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.13 23:03:00 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{1D3A56E2-3C5D-4840-B785-97A88A002C6E}
[2012.06.13 23:02:37 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{D14A9DD5-129A-40AB-87B3-B8B33FC6B28E}
[2012.06.13 12:04:43 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.13 12:04:43 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.13 12:04:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.13 12:04:40 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.13 11:58:20 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{0999D7F5-AE9A-4D07-AE51-5115EC5B27B1}
[2012.06.13 11:55:35 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{4C9927E2-BA63-4831-9BD2-271C0A85E709}
[2012.06.12 07:55:33 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{764585D8-ED27-4701-BB3D-3C1AF7F3AADA}
[2012.06.12 07:55:09 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{B890536E-DEE0-4441-8473-D9745F188D2D}
[2012.06.11 09:12:58 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{FB760C63-A8E3-422F-BDF6-5E4808258327}
[2012.06.11 09:12:35 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{54AA9A60-1DAB-4D31-9BE7-31719A72D6B3}
[2012.06.10 17:29:06 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{14B302EA-5CAB-4D3B-98D4-740020B6D213}
[2012.06.10 17:28:43 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{CD30FE46-E5D9-49FD-97A8-DF10F23E2964}
[2012.06.10 05:05:38 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{E2816646-D831-4CAC-B06C-3B4877F55DC9}
[2012.06.10 05:05:25 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{4E605B61-606D-48BF-A363-94E05FECE765}
[2012.06.10 00:01:54 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{909C4436-DF7D-41D7-A430-51111C99F878}
[2012.06.10 00:01:31 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{5526E929-7E00-4DEE-A89C-D8B61E6B3F11}
[2012.06.09 23:42:42 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Roaming\UAs
[2012.06.09 23:14:02 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Roaming\xmldm
[2012.06.09 23:14:01 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Roaming\kock
[2012.06.09 15:43:15 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\Desktop\Kroatien 2012 Martin
[2012.06.08 07:39:19 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{CDF5A58F-2577-4625-844D-F9BA461B5436}
[2012.06.08 07:39:07 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{39A1A283-61A1-4DD2-BF33-A41C004C6723}
[2012.06.07 18:31:08 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{B438BEF2-7FEE-42E4-A8BA-C2B1F992DCCB}
[2012.06.07 18:30:44 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{7F582D1B-7D22-409B-AA33-0B2E595761A5}
[2012.06.07 15:57:57 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{932CBF67-F383-4A7B-B043-14C01D8450EB}
[2012.06.07 15:57:45 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{1631088A-0A14-4ECD-8288-43AE88C7F085}
[2012.06.07 15:51:37 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{087FCC12-F798-402B-B1AC-35A828A0FA5E}
[2012.06.07 15:51:13 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{8640CDF3-622E-4B3E-821C-986898245C62}
[2012.06.06 23:42:42 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{CFC6F2FD-E5A8-470F-A5C1-B4246D5C35D5}
[2012.06.06 23:42:29 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{0B6A5567-8F26-498A-8A5D-F22272C206B2}
[2012.06.06 11:22:12 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{6077B83F-F79D-481D-A6E3-E79C9C49515C}
[2012.06.06 11:21:58 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{70E3858A-4702-4AD1-9C87-0E7CC514305B}
[2012.06.06 07:08:10 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{F2C87816-8D9C-4CBC-B38B-7865251EBEEE}
[2012.06.06 07:07:57 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{8E1E6813-5621-4C88-A46F-8493085E22AF}
[2012.06.05 14:43:56 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{E373841F-B49F-4024-8FC5-616B9754B569}
[2012.06.05 14:43:36 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{9E31C4B1-C371-40A3-86B4-59EBDBE32E07}
[2012.06.05 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{8DB36922-C61F-4FD8-95FD-07D9A8442274}
[2012.06.05 14:09:29 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{F684C83B-A575-49C3-A67D-4AAD302F06A5}
[2012.06.05 12:13:34 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{EF048C24-AFE2-49FA-8F37-67C554B08446}
[2012.06.05 12:13:22 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{25C285CB-836F-4597-9C93-626157A1F8AE}
[2012.06.04 13:51:56 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{BDEB976D-C0C2-4E31-B656-2DF9FAA3A24C}
[2012.06.04 13:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{98922531-A7F6-42A0-A582-235EE477713D}
[2012.06.04 13:47:18 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{EE1D7545-4245-4FDD-A2A5-10B3334AD8F0}
[2012.06.04 13:46:53 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{BB910FAA-7E3C-4764-8E4D-462EC1FB1923}
[2012.06.02 15:44:20 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{63913899-C662-4ED9-8CA0-657C3B968141}
[2012.06.02 15:44:08 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{D89F63F7-0ABB-4876-AFE5-8F52A7D8897B}
[2012.06.01 18:30:51 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{2B80AD2A-5A5A-4E6E-88D3-FEFF9CFAB985}
[2012.06.01 18:30:38 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{3D2CA2D8-59A0-4188-8B17-454516CEB9CD}
[2012.06.01 07:20:12 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{F979F7BB-46F8-4833-A1F2-A0167EE83634}
[2012.06.01 07:19:49 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{DB3AE99E-BB9B-4C07-AFB8-737BE0389E20}
[2012.05.31 23:57:08 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{434A0906-EF49-4A85-8CCE-E2643CA017A4}
[2012.05.31 23:56:45 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{6157C879-9B80-426C-B5C9-F3E4CE73888F}
[2012.05.31 23:00:22 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{0C2FE7A3-A9E8-4933-A732-A62D803B23C1}
[2012.05.31 22:59:59 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{DD310831-30B1-4A23-9409-A2EB8EDD5577}
[2012.05.31 20:38:58 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{928CBB84-CFE8-4080-B59A-45A808ABDADB}
[2012.05.31 20:38:45 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{438A2225-8EAC-4996-BC0B-B5EF43FB81C7}
[2012.05.31 15:56:39 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{800882D0-FB5C-4BD6-94FF-960AA5C0EF37}
[2012.05.31 15:56:16 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{3686898D-790E-439A-A9D7-750CB98B3A3E}
[2012.05.31 07:23:32 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{5A92129F-BA1F-49FD-B792-2A37C700372C}
[2012.05.31 07:23:08 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{2CB3C277-F5A2-4C81-AF47-97653D23F02E}
[2012.05.30 11:32:45 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{CA1213C8-9D00-4D59-BFF3-F93690AD4E44}
[2012.05.30 11:32:21 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{EAECA774-73CA-4862-8B69-5F006796D8DC}
[2012.05.30 09:23:30 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{DCDDA974-64B4-40B1-B9C8-D506F54FD708}
[2012.05.30 09:23:19 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{DEC6B65C-20E7-4148-A75C-11A28E2247D9}
[2012.05.29 07:02:21 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{95AA4127-D298-4FD5-8AA6-DBE78AEF530A}
[2012.05.29 07:01:57 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{FBB3B6C7-B0C6-48A4-963D-F51506869B74}
[2012.05.27 20:22:08 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{D36206AF-FAAF-43D9-B9FD-B4A4D4618D96}
[2012.05.27 20:21:44 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{F3EC8B79-9CB7-4BB5-A270-5484DE88FDA5}
[2012.05.27 11:45:37 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{EF791B4B-33C2-4DC6-8D5B-4BB1207F38D5}
[2012.05.26 07:48:50 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{8B1343F3-4737-4DBD-B2CB-915F33F2871E}
[2012.05.26 07:48:24 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{BD3B2782-8175-4239-9ACE-5D282FD6BD21}
[2012.05.25 08:37:38 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{FB9F0B07-DDDA-4BEC-9EDB-7107D063A200}
[2012.05.25 08:37:14 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{C37FB137-3DBF-48F1-A56F-D910D0955D45}
[2012.05.24 23:36:54 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{AEC05D33-5FC2-460E-94CD-A7A1F9A0EA5A}
[2012.05.24 23:36:31 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{8311BBF6-BCB8-45E4-BD11-BA723F446001}
[2012.05.24 07:18:22 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{2EB8E80D-6C18-44A2-AF3D-968C3D31D676}
[2012.05.24 07:17:59 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{4F844454-6857-4BE6-9A6B-96C3F59FDE06}
[2012.05.23 07:43:10 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{1FFBBA02-DDCF-4E13-9FAE-9E67671AE937}
[2012.05.23 07:42:57 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{DECC13B2-0BDA-48D9-99E1-2812D36B62C9}
[2012.05.22 12:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.05.22 12:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2012.05.22 09:58:46 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{976A7D9A-B77C-48B1-8D37-612E8062E2B4}
[2012.05.22 09:58:22 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{45B87EF3-AA4C-49C1-8B99-51F5F407BBE1}
[2012.05.21 23:40:19 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{05697C90-EA5E-4771-976D-ED065C31F2F2}
[2012.05.21 23:40:07 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{23AFA1B6-3842-45C4-903E-C1A147A4000F}
[2012.05.21 18:53:24 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{86536FA3-CC22-44AC-8CA6-AF6AAFF15EA2}
[2012.05.21 18:53:12 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{6968328D-7C1D-46C8-95D0-B181DCBB943E}
[2012.05.21 15:57:38 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{A70181EC-4D9D-4E26-AC52-D1C8A3AD2C84}
[2012.05.21 15:57:26 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{7DA2B2A5-8D8A-4D80-ACFC-84D0046818F6}
[2012.05.21 06:31:10 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{CC06CFA5-4D32-462F-A134-0E630E31AC93}
[2012.05.21 06:30:57 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{91984932-7634-45BA-A84A-7816BEE14FDB}
[2012.05.20 08:52:17 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{5F751601-B68F-433D-B835-70599A75CDC3}
[2012.05.20 08:51:54 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{68F71327-A7CC-4A91-9D98-30A6B9BCADCA}
[2012.05.19 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{FBA9E2C1-BBDF-404B-8C0E-528680A62AF7}
[2012.05.19 16:34:48 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{E742A7EA-0756-48A5-B7E1-6B445960A99E}
[2012.05.19 10:53:54 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{F46D8913-FA2F-4B61-93F7-0BCD8CD97068}
[2012.05.19 10:53:31 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{564C6633-45E2-4F57-A125-189FA53ED60D}
[2012.05.19 09:21:17 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{9774A16E-0574-4C2B-B05A-4645A0BACC58}
[2012.05.19 09:20:54 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{422F6D80-E00D-4B95-8586-E6282515E2F7}
[2012.05.19 07:49:38 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{F7C15AC7-0801-43C9-8DF9-E8FDBA20458B}
[2012.05.19 07:49:14 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{8ADF7954-29D0-4FAF-A9DA-EAA2A4796DA1}
[2012.05.19 07:48:34 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\Desktop\Desktop Bilder
[2012.05.19 04:41:04 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{D1BA776C-131C-4F0A-AF41-E06A33BFF96B}
[2012.05.18 09:36:45 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{1D2C0EA3-24EB-4386-866B-6E5354A9EE2F}
[2012.05.18 09:36:21 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{CEEF9E5B-4058-410C-8ECB-D340A67B1342}
[2012.05.17 12:39:35 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{7BC459D5-553B-4017-ABEA-B419CFD4FD16}
[2012.05.17 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\Hofreiter\AppData\Local\{C7F7C121-9416-44E1-B322-67EA454531B2}
[2012.05.16 22:01:13 | 000,000,000 | ---D | C] -- C:\Musik
[1 C:\Users\Hofreiter\AppData\Roaming\*.tmp files -> C:\Users\Hofreiter\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.15 11:58:38 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 11:58:38 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 11:52:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.15 11:51:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.15 11:51:12 | 2213,945,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.15 11:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.15 11:13:17 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1643631221-786068987-2124353112-1003UA.job
[2012.06.15 11:10:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 20:13:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1643631221-786068987-2124353112-1003Core.job
[2012.06.14 18:54:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\c_0_lpt.pad
[2012.06.14 18:44:27 | 000,658,172 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.14 18:44:27 | 000,618,718 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.14 18:44:27 | 000,131,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.14 18:44:27 | 000,107,998 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.14 14:31:36 | 000,000,080 | ---- | M] () -- C:\Users\Hofreiter\AppData\Roaming\blckdom.res
[2012.06.14 14:11:37 | 000,001,889 | ---- | M] () -- C:\Users\Hofreiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.14 03:26:11 | 000,411,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 21:30:35 | 000,057,136 | ---- | M] () -- C:\Users\Hofreiter\Desktop\EM2012-Spielplan_Gruppe_shop_header_image.gif
[2012.06.13 16:03:36 | 001,206,991 | ---- | M] () -- C:\Users\Hofreiter\Documents\Senderliste Hisense_Sat.eml
[2012.06.13 15:59:29 | 000,473,424 | ---- | M] () -- C:\Users\Hofreiter\Documents\HIS_TSL.BIN
[2012.06.13 15:59:29 | 000,405,720 | ---- | M] () -- C:\Users\Hofreiter\Documents\HIS_SVL.BIN
[2012.06.13 10:08:23 | 000,223,712 | ---- | M] () -- C:\Users\Hofreiter\AppData\Roaming\AcroIEHelpe138.dll
[2012.05.29 07:45:11 | 001,789,952 | ---- | M] () -- C:\Users\Hofreiter\Desktop\60_Blumenweisheiten.pps
[2012.05.22 23:45:54 | 000,023,046 | ---- | M] () -- C:\Users\Hofreiter\ESt2009_Hofreiter_Michael_und_Ulrike.elfo
[2012.05.22 23:45:29 | 000,002,625 | ---- | M] () -- C:\Users\Hofreiter\ESt2009.elfo
[2012.05.22 12:44:52 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.05.18 00:45:37 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.05.18 00:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.05.18 00:31:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.05.18 00:24:45 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Users\Hofreiter\AppData\Roaming\*.tmp files -> C:\Users\Hofreiter\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.14 14:11:36 | 004,503,728 | ---- | C] () -- C:\ProgramData\c_0_lpt.pad
[2012.06.14 14:11:36 | 000,001,889 | ---- | C] () -- C:\Users\Hofreiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.13 21:29:24 | 000,057,136 | ---- | C] () -- C:\Users\Hofreiter\Desktop\EM2012-Spielplan_Gruppe_shop_header_image.gif
[2012.06.13 16:03:35 | 001,206,991 | ---- | C] () -- C:\Users\Hofreiter\Documents\Senderliste Hisense_Sat.eml
[2012.06.13 15:59:29 | 000,473,424 | ---- | C] () -- C:\Users\Hofreiter\Documents\HIS_TSL.BIN
[2012.06.13 15:59:28 | 000,405,720 | ---- | C] () -- C:\Users\Hofreiter\Documents\HIS_SVL.BIN
[2012.06.13 10:08:23 | 000,223,712 | ---- | C] () -- C:\Users\Hofreiter\AppData\Roaming\AcroIEHelpe138.dll
[2012.06.09 23:14:10 | 000,000,080 | ---- | C] () -- C:\Users\Hofreiter\AppData\Roaming\blckdom.res
[2012.05.29 07:45:10 | 001,789,952 | ---- | C] () -- C:\Users\Hofreiter\Desktop\60_Blumenweisheiten.pps
[2012.05.22 23:45:52 | 000,023,046 | ---- | C] () -- C:\Users\Hofreiter\ESt2009_Hofreiter_Michael_und_Ulrike.elfo
[2012.05.22 23:45:25 | 000,002,625 | ---- | C] () -- C:\Users\Hofreiter\ESt2009.elfo
[2012.05.22 12:44:52 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.10.24 09:39:24 | 000,005,120 | ---- | C] () -- C:\Users\Hofreiter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.20 19:04:41 | 000,000,058 | ---- | C] () -- C:\Windows\TTN.INI
[2011.06.03 15:59:08 | 000,000,240 | ---- | C] () -- C:\Windows\Sfirm32.ini
[2011.06.03 15:59:08 | 000,000,171 | ---- | C] () -- C:\Windows\Uno.ini
[2011.06.03 15:59:05 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Osl364mi.dll
[2011.06.03 15:59:04 | 000,287,744 | ---- | C] () -- C:\Windows\System32\Uno364mi.dll
[2011.06.03 15:59:04 | 000,109,568 | ---- | C] () -- C:\Windows\System32\Vos364mi.dll
[2011.04.02 16:38:36 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.03.08 19:32:56 | 000,040,023 | ---- | C] () -- C:\Users\Hofreiter\AppData\Roaming\UserTile.png
[2011.03.08 10:38:33 | 000,139,432 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.02.04 19:05:04 | 000,007,608 | ---- | C] () -- C:\Users\Hofreiter\AppData\Local\Resmon.ResmonCfg
[2010.09.25 19:48:30 | 000,022,016 | ---- | C] () -- C:\Windows\System32\TSP1.dll
[2010.09.25 19:47:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010.09.25 19:47:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010.09.25 19:47:36 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010.09.25 19:47:36 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2010.09.16 05:32:41 | 000,658,172 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.09.16 05:32:41 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.09.16 05:32:41 | 000,131,704 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.09.16 05:32:41 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 789 bytes -> C:\Users\Hofreiter\Documents\Senderliste Hisense_Sat.eml:OECustomProperty

< End of report >

Alt 18.06.2012, 12:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
I have more or less gotten the trojan off using the common tools
Can you be a bit more specific? What was removed, and with what? Are there logs for that?
Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         