
All kinds of pests and how to combat them: TR/Crypt.XPACK.Gen3 on a Win7 64-bit system


19.09.2010, 01:47   #1
DonGonz
 



Hi, I've had this trojan on board for a few days now and can't get rid of it. I've also read that there is already quite a bit on this topic here, but ComboFix, for example, doesn't work for me because I have a 64-bit system. At least that's what it told me during installation. That's why I've opened a thread after all... I hope you can help me.

So here are the logs:
HijackThis log:

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:52:12, on 18.09.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\SysWOW64\mmrtkrnl.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Downloads\HiJackThis204.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [qiuipu] C:\Users\DonGonzales\qiuipu.exe /e
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [foaveo] C:\Users\Colombia\foaveo.exe /G (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [reaemac] C:\Users\Colombia\reaemac.exe /g (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [riuagib] C:\Users\Colombia\riuagib.exe /J (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [txroap] C:\Users\Colombia\txroap.exe /Y (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [ymhioj] C:\Users\Colombia\ymhioj.exe /v (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [leafiem] C:\Users\Colombia\leafiem.exe /O (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [doiabos] C:\Users\Colombia\doiabos.exe /o (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [Metropolis] rundll32.exe C:\Users\Colombia\AppData\Local\Temp\sshnas21.dll,GetHandle (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [ASH24SXZ9S] C:\Users\Colombia\AppData\Local\Temp\Vxi.exe (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [vooaboc] C:\Users\Colombia\vooaboc.exe /L (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [foxoy] C:\Users\Colombia\foxoy.exe /S (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [voeoko] C:\Users\Colombia\voeoko.exe /y (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [waimo] C:\Users\Colombia\waimo.exe /O (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [yaoaqa] C:\Users\Colombia\yaoaqa.exe /i (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [diiop] C:\Users\Colombia\diiop.exe /h (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [qkliov] C:\Users\Colombia\qkliov.exe /F (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [xaobuf] C:\Users\Colombia\xaobuf.exe /E (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [naufe] C:\Users\Colombia\naufe.exe /Q (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [ceuepe] C:\Users\Colombia\ceuepe.exe /I (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [qiemoe] C:\Users\Colombia\qiemoe.exe /A (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [zonoy] C:\Users\Colombia\zonoy.exe /b (User 'Colombia')
O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [sytum] C:\Users\Colombia\sytum.exe /Z (User 'Colombia')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 14623 bytes
         
--- --- ---



OTL Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 18.09.2010 19:25:55 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 126,75 Gb Free Space | 44,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 14,94 Gb Free Space | 3,21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GONZOLAP
Current User Name: DonGonzales
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{33037348-6BB9-59EA-80DE-8D7E0E906B83}" = ccc-utility64
"{43239902-03DF-A165-7EF6-6A49DE4F8EF1}" = ATI AVIVO64 Codecs
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D10D9994-4337-8067-F5D7-9F8FEC1E4A00}" = ATI Catalyst Install Manager
"LSI Soft Modem" = LSI HDA Modem
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06EF78A1-935E-8982-48EE-DEAF73075BBE}" = Catalyst Control Center InstallProxy
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{09B14334-89FF-B11A-5D9B-14BBA2D8A4C3}" = CCC Help Hungarian
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{19992AF5-2780-7E2C-100D-0A300A22DB6F}" = CCC Help Korean
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3048B1-28C0-5231-B071-7BA3FBF2EF6B}" = CCC Help German
"{2F76BE0B-11EF-593F-FD8B-52C1EDEFD99F}" = CCC Help English
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D542863-7E63-D988-168A-48C48B9B7A9B}" = Catalyst Control Center Graphics Light
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4AE958E0-0656-FC87-1D7E-B7143AC235E7}" = CCC Help Spanish
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{557FCE92-4537-6C23-7489-E5836908EB76}" = Catalyst Control Center Core Implementation
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5E174F7A-245B-D9A1-0FB1-5DEB3E7C4AFA}" = CCC Help Italian
"{5E3AE725-CACE-9016-D454-02B91CD33C75}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F25EB2C-0972-8528-7DEA-9FCAE8AA026E}" = Catalyst Control Center Graphics Full New
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A3A514C-B4B2-C5B3-FDF9-12329E6E92BC}" = Catalyst Control Center Localization All
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{8297136B-D69B-21F8-EA06-6527B4D2080F}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD57F82-FFF4-13F7-F854-976E34CBDDF8}" = Catalyst Control Center Graphics Previews Vista
"{8DAB0DFE-093F-4C77-5301-59C394EE8FA0}" = CCC Help Norwegian
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9CCB8F6D-33FC-4E79-8616-7BE5DF32A955}" = BPM-Studio 4 Demo
"{A05CA92F-4FE3-7129-6963-03AA82FB8817}" = CCC Help Portuguese
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A9A51417-934D-EB1E-705B-276F9C3749D7}" = CCC Help Swedish
"{A9DD5F30-96A2-CDF5-FDEA-0A11BF14AFB2}" = CCC Help Turkish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AE65393D-F007-E7F6-BD5E-A5B7CB65FACB}" = CCC Help Dutch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B70EC123-01CE-94B9-433D-85696F5D4453}" = CCC Help Greek
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C1877FF5-519A-C207-A5E9-4E692174FE4A}" = ccc-core-static
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CBFAD664-763E-4A7D-BF92-BB0E493F3C66}" = ES
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D4519837-7F74-4DB3-36AF-94CDC3511F7A}" = CCC Help Japanese
"{D74163DC-0BF1-0A8F-BA2E-D3B5ACD4D9D9}" = CCC Help Polish
"{D93AC7DC-EC2C-96A7-0733-07B05BD710CE}" = CCC Help Thai
"{DA79E283-89F5-D6A5-6D0B-D55FD8721668}" = CCC Help Finnish
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E78A0DB3-74D6-F576-331F-33780D1D8D7E}" = Catalyst Control Center Graphics Full Existing
"{E88CF135-CB50-319C-8268-1BED4261FDB2}" = CCC Help Chinese Standard
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB6DA76C-AA15-91FE-E6D7-A2B3ED4F6E29}" = CCC Help Danish
"{EC4B8E73-EB41-0386-8C39-7F6FC2CFD840}" = CCC Help Russian
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEE4B066-28B3-145F-CEB6-2D47F2A83E3D}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"8461-7759-5462-8226" = Vuze
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GridVista" = Acer GridVista
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"Impulse" = Impulse
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Pro Pinball - Timeshock!" = Pro Pinball - Timeshock!
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows
"SopCast" = SopCast 3.2.9
"StarCraft II" = StarCraft II
"Totalcmd" = Total Commander (Remove or Repair)
"TVUPlayer" = TVUPlayer 2.5.2.2
"Veetle TV" = Veetle TV 0.9.15
"VLC media player" = VLC media player 1.0.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.09.2010 20:01:35 | Computer Name = GonzoLAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.09.2010 20:05:05 | Computer Name = GonzoLAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.09.2010 20:05:05 | Computer Name = GonzoLAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.09.2010 20:05:09 | Computer Name = GonzoLAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.09.2010 20:05:10 | Computer Name = GonzoLAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.09.2010 20:10:35 | Computer Name = GonzoLAP | Source = VSS | ID = 12310
Description = 
 
Error - 16.09.2010 20:17:12 | Computer Name = GonzoLAP | Source = ESENT | ID = 215
Description = WinMail (3556) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
 
Error - 16.09.2010 20:17:16 | Computer Name = GonzoLAP | Source = ESENT | ID = 215
Description = WinMail (2640) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
 
Error - 16.09.2010 21:00:49 | Computer Name = GonzoLAP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 1.9.1.3728,
Zeitstempel: 0x4ba12250 Name des fehlerhaften Moduls: MOZCRT19.dll, Version: 8.0.0.0,
Zeitstempel: 0x4ba112a1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000094f8 ID des fehlerhaften
Prozesses: 0xb10 Startzeit der fehlerhaften Anwendung: 0x01cb5603c37b0ff0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Thunderbird\MOZCRT19.dll
Berichtskennung:
026648e1-c1f7-11df-af2a-00262d61bd7b
 
Error - 16.09.2010 21:10:23 | Computer Name = GonzoLAP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 1.9.1.3728,
Zeitstempel: 0x4ba12250 Name des fehlerhaften Moduls: MOZCRT19.dll, Version: 8.0.0.0,
Zeitstempel: 0x4ba112a1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000094f8 ID des fehlerhaften
Prozesses: 0x6e4 Startzeit der fehlerhaften Anwendung: 0x01cb5603c44eb61d Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Thunderbird\MOZCRT19.dll
Berichtskennung:
584762cd-c1f8-11df-af2a-00262d61bd7b
 
[ Media Center Events ]
Error - 03.02.2010 14:14:20 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 19:14:20 - Fehler beim Herstellen der Internetverbindung. 19:14:20 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 03.02.2010 14:14:26 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 19:14:25 - Fehler beim Herstellen der Internetverbindung. 19:14:25 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.02.2010 13:22:34 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 18:22:34 - Fehler beim Herstellen der Internetverbindung. 18:22:34 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.02.2010 13:22:51 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 18:22:41 - Fehler beim Herstellen der Internetverbindung. 18:22:41 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.02.2010 14:22:59 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 19:22:58 - Fehler beim Herstellen der Internetverbindung. 19:22:58 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.02.2010 14:23:06 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 19:23:04 - Fehler beim Herstellen der Internetverbindung. 19:23:04 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 10.02.2010 04:34:33 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 09:34:30 - Fehler beim Herstellen der Internetverbindung. 09:34:30 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 10.02.2010 05:34:38 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 10:34:38 - Fehler beim Herstellen der Internetverbindung. 10:34:38 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 10.02.2010 06:34:43 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 11:34:43 - Fehler beim Herstellen der Internetverbindung. 11:34:43 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 10.02.2010 07:49:59 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 12:49:55 - Fehler beim Herstellen der Internetverbindung. 12:49:55 
- Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 24.06.2010 09:59:52 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.06.2010 10:05:02 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.06.2010 10:10:12 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.06.2010 10:15:22 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.06.2010 10:20:32 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.06.2010 10:25:42 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.06.2010 10:30:52 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.06.2010 10:36:02 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.06.2010 10:41:12 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 27.06.2010 13:54:21 | Computer Name = GonzoLAP | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >
         
--- --- ---



OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 18.09.2010 19:25:55 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 126,75 Gb Free Space | 44,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 14,94 Gb Free Space | 3,21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GONZOLAP
Current User Name: DonGonzales
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Colombia\kzruec.exe ()
PRC - C:\Users\Colombia\AppData\Local\Temp\Vxi.exe (Alexander Roshal)
PRC - C:\Windows\Vpipob.exe (Alexander Roshal)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - c:\program files (x86)\avira\antivir desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\mmrtkrnl.exe (AlcaTech)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys File not found
DRV:64bit: - (RtsUIR) -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys File not found
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (NETw1v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.daemon-search.com/startpage|google.de"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.29 02:41:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.11 02:28:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.04.06 16:57:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.07.11 02:28:02 | 000,000,000 | ---D | M]
 
[2010.02.05 09:07:55 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\mozilla\Extensions
[2010.02.05 09:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DonGonzales\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.16 19:11:45 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\mozilla\Firefox\Profiles\e3fredlz.default\extensions
[2010.05.08 07:50:00 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\mozilla\Firefox\Profiles\e3fredlz.default\extensions\firefox@tvunetworks.com
[2010.04.22 07:13:21 | 000,002,059 | ---- | M] () -- C:\Users\DonGonzales\AppData\Roaming\Mozilla\FireFox\Profiles\e3fredlz.default\searchplugins\daemon-search.xml
[2010.07.22 15:07:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.04.17 05:37:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.17 05:37:23 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.17 05:37:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.17 05:37:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.17 05:37:23 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.17 20:09:59 | 000,419,429 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14471 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\SysWow64\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [qiuipu] C:\Users\DonGonzales\qiuipu.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.13.249.101 200.13.224.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{634b1d46-f48b-11de-b636-00262d61bd7b}\Shell - "" = AutoRun
O33 - MountPoints2\{634b1d46-f48b-11de-b636-00262d61bd7b}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.18 19:13:26 | 000,000,000 | ---D | C] -- C:\Users\DonGonzales\Desktop\MFTools
[2010.09.18 18:50:46 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010.09.18 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.09.18 18:17:17 | 000,177,152 | ---- | C] (Alexander Roshal) -- C:\Windows\Vpipob.exe
[2010.09.18 17:42:45 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.09.18 17:42:45 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.09.18 17:42:45 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.09.18 17:42:45 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.09.18 17:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.09.18 17:42:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.09.18 08:19:59 | 000,177,152 | ---- | C] (Alexander Roshal) -- C:\Windows\Vpipoa.exe
[2010.09.17 19:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.09.17 19:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.09.17 19:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2010.09.16 22:00:18 | 000,000,000 | ---D | C] -- C:\341bf637d49e8974b3ea170010
[2010.09.16 07:48:00 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.09.16 07:44:51 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.09.10 09:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.09.10 09:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2009.08.22 03:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.18 19:27:33 | 006,553,600 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat
[2010.09.18 19:24:34 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.18 19:24:34 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.18 19:19:25 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.09.18 19:17:20 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.09.18 19:17:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.18 19:16:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.18 19:16:48 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.18 18:34:53 | 000,102,412 | ---- | M] () -- C:\Users\DonGonzales\Documents\cc_20100918_183447.reg
[2010.09.18 18:31:13 | 000,001,013 | ---- | M] () -- C:\Users\DonGonzales\Desktop\CCleaner.lnk
[2010.09.18 18:16:54 | 000,177,152 | ---- | M] (Alexander Roshal) -- C:\Windows\Vpipob.exe
[2010.09.18 18:13:15 | 000,007,671 | ---- | M] () -- C:\Users\DonGonzales\AppData\Local\resmon.resmoncfg
[2010.09.18 17:43:26 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.18 08:19:48 | 000,177,152 | ---- | M] (Alexander Roshal) -- C:\Windows\Vpipoa.exe
[2010.09.17 20:09:59 | 000,419,429 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.09.17 19:47:27 | 000,001,264 | ---- | M] () -- C:\Users\DonGonzales\Desktop\Spybot - Search & Destroy.lnk
[2010.09.16 21:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TMContainer00000000000000000002.regtrans-ms
[2010.09.16 21:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TMContainer00000000000000000001.regtrans-ms
[2010.09.16 21:49:35 | 000,065,536 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TM.blf
[2010.09.16 19:28:48 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.09.16 19:15:54 | 003,359,178 | -H-- | M] () -- C:\Users\DonGonzales\AppData\Local\IconCache.db
[2010.09.16 19:08:12 | 000,135,168 | RHS- | M] () -- C:\Users\DonGonzales\qiuipu.exe
[2010.09.16 08:17:33 | 000,524,288 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TMContainer00000000000000000002.regtrans-ms
[2010.09.16 08:17:33 | 000,524,288 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TMContainer00000000000000000001.regtrans-ms
[2010.09.16 08:17:33 | 000,065,536 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TM.blf
[2010.09.14 16:12:13 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.09.12 13:02:43 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.12 13:02:43 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.09.12 13:02:43 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.12 13:02:43 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.09.12 13:02:43 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.31 00:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.18 18:34:50 | 000,102,412 | ---- | C] () -- C:\Users\DonGonzales\Documents\cc_20100918_183447.reg
[2010.09.18 18:31:13 | 000,001,013 | ---- | C] () -- C:\Users\DonGonzales\Desktop\CCleaner.lnk
[2010.09.18 17:43:26 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.18 08:19:51 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.09.17 19:47:27 | 000,001,264 | ---- | C] () -- C:\Users\DonGonzales\Desktop\Spybot - Search & Destroy.lnk
[2010.09.16 21:49:34 | 000,524,288 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TMContainer00000000000000000002.regtrans-ms
[2010.09.16 21:49:34 | 000,524,288 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TMContainer00000000000000000001.regtrans-ms
[2010.09.16 21:49:34 | 000,065,536 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TM.blf
[2010.09.16 19:08:12 | 000,135,168 | RHS- | C] () -- C:\Users\DonGonzales\qiuipu.exe
[2010.09.16 08:17:33 | 000,524,288 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TMContainer00000000000000000002.regtrans-ms
[2010.09.16 08:17:33 | 000,524,288 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TMContainer00000000000000000001.regtrans-ms
[2010.09.16 08:17:33 | 000,065,536 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TM.blf
[2010.09.14 08:49:11 | 000,000,278 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.08.09 11:26:18 | 000,000,493 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.02.23 12:54:12 | 000,017,408 | ---- | C] () -- C:\Users\DonGonzales\AppData\Local\WebpageIcons.db
[2010.01.05 13:04:44 | 000,007,671 | ---- | C] () -- C:\Users\DonGonzales\AppData\Local\resmon.resmoncfg
[2009.12.23 18:25:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.05 15:36:23 | 000,001,768 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009.11.05 07:31:57 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.11.05 07:12:32 | 000,008,308 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
[2009.11.05 07:11:37 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2009.08.22 03:43:39 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009.08.22 01:01:23 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.08.22 01:01:23 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.08.22 01:01:21 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.08.22 01:01:21 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.08.22 01:01:21 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 14:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[1997.11.17 10:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
 
========== LOP Check ==========
 
[2009.12.24 09:18:30 | 000,000,000 | -HSD | M] -- C:\Users\DonGonzales\AppData\Roaming\.#
[2009.12.30 05:36:06 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\DAEMON Tools Lite
[2010.03.30 11:04:50 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\Facebook
[2009.12.23 17:47:40 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\GameConsole
[2009.12.26 08:06:25 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\GHISLER
[2010.06.06 15:59:24 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\ICQ
[2009.12.23 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\Opera
[2009.12.24 07:28:24 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\PowerCinema
[2009.12.23 18:00:44 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\SoftDMA
[2010.06.06 14:37:38 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\Stardock
[2010.02.05 09:07:54 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\Thunderbird
[2010.07.23 08:21:06 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2010.08.20 22:08:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.09.18 19:17:20 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.09.18 19:19:25 | 000,000,298 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
< End of report >
         
--- --- ---

Alt 20.09.2010, 09:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Hi, I've had this trojan on board for a few days and can't get rid of it

File paths?

Alt 21.09.2010, 01:32   #3
DonGonz
 
I'm not quite sure whether this is what you mean, but the virus alert from AntiVir always reads roughly: TR/Crypt.XPACK.Gen3 found in C:/Benutzer/Colombia/sbnat.exe.
If you mean something else by file paths, please be more specific... I'm not much of an expert ^^
Somehow various files keep being created in the user folder Colombia, which is my current user account; when I delete them, they are back after a while. It is also strange that all removable drives I connect do show up, but when I open them the subfolders are only shown as links. When I then open the links, a new window opens and I can access the data. The problem, however, is that I cannot access the data on the removable drives from other programs, because it is not shown there. If you need more information, let me know, even though I always reply with some delay because I am in Colombia.
Regards
gonz

Alt 21.09.2010, 10:35   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
TR/Crypt.XPACK.Gen3 found in C:/Benutzer/Colombia/sbnat.exe.

Yes, that is what I wanted to know.

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!
__________________
Please always post log files in CODE tags

Alt 21.09.2010, 23:02   #5
DonGonz
 
Here is the MWB log

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4663

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.09.2010 17:00:25
mbam-log-2010-09-21 (17-00-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Durchsuchte Objekte: 462055
Laufzeit: 1 Stunde(n), 55 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 73

Infizierte Speicherprozesse:
C:\Windows\Vpipoi.exe (Trojan.Downloader) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Users\Colombia\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Colombia\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Vpipoi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1628079851-2681031256-932489147-1003\$R6UEDQO.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1628079851-2681031256-932489147-1003\$R72K61S.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1628079851-2681031256-932489147-1003\$R9Y4RN8.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1628079851-2681031256-932489147-1003\$RVXX0DK.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1628079851-2681031256-932489147-1004\$RSO9IDK.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1628079851-2681031256-932489147-1004\$RZL6R85.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Colombia\cll.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Colombia\doatay.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Colombia\fuulik.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Colombia\goagiz.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Colombia\hovex.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Colombia\uewug.exe (P2P.Worm) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vw1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vw2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vw4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vw5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vw7.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vw8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vwj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vwk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vwn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vwp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vwq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vws.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vwt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vwv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vww.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vwy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vwz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vx1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vx2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vx4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vx5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vx7.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vx8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vxz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vya.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vyb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vyc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vyf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vyi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vyn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Colombia\AppData\Local\Temp\Vyq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Vpipoa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Vpipob.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Vpipoc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Vpipod.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Vpipoe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Vpipof.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Vpipog.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Vpipoh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


22.09.2010, 11:56   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TR/Crypt.XPACK.Gen3 on a Win7 64-bit system

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the contents into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread.