Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe

TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe


Plagegeister aller Art und deren Bekämpfung: TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.08.2012, 09:51   #1
Eter
 
TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe - Standard

TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe


Hallo!

Ich hab mir gestern Nacht wohl den Trojaner TR/Crypt.ZPACK.Gen eingefangen ...

Mein PC hat sich mit einem Blue Screen verabschiedet, und sich gleich darauf wieder selbst hochgefahren. Ich hab ihn dann im Safe Mode gestartet und einen Avira System Scan laufen lassen, der eben den Trojaner in Quarantäne verschoben hat.

Ich verwende Avira Free Antivirus und komischerweise ist der Echtzeit Scanner aus geschaltet, ich kann ihn aber leider auch nicht selbst wieder einschalten - weiß nicht, ob das irgendwie mit dem Trojaner zusammen hängt (?).

Nachdem ich hier einige Posts gelesen habe, geh ich davon aus, dass mein Computer noch nicht sicher ist und dass ich noch diverse andere Programme drüber laufen lassen muss, bevor wieder alles ok ist.

Könnt ihr mir bitte weiterhelfen und mir sagen, welche Schritte nun folgen sollten?

Und kann ich den PC, jetzt da der Trojaner in Quarantäne ist, auch wieder normal, ohne Safe Mode starten - oder sollte ich das lieber nicht? (Schreibe gerade vom zweit PC.)

Danke schon mal für eure Hilfe,

Gruß
Eter

Alt 03.08.2012, 17:54   #2
markusg
/// Malware-holic
 
TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe - Standard

TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe


hi
versuch ihn mal normal zu starten.
dann:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________
Alt 03.08.2012, 22:04   #3
Eter
 
TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe - Standard

TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe


Hey markusg,
danke für Deine schnelle Antwort!



OTL Logfile:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 03.08.2012 22:14:56 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\acer\Desktop
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16809)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 44,98% Memory free
4,19 Gb Paging File | 2,75 Gb Available in Paging File | 65,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,48 Gb Total Space | 24,58 Gb Free Space | 38,72% Space Free | Partition Type: NTFS
Drive E: | 43,95 Gb Total Space | 33,60 Gb Free Space | 76,45% Space Free | Partition Type: NTFS
Drive F: | 41,63 Gb Total Space | 6,29 Gb Free Space | 15,11% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.03 22:11:03 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
PRC - [2012.08.03 21:52:39 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.05.24 18:00:30 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.01.26 12:01:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.08 01:25:14 | 004,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.07 09:51:46 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007.10.23 07:26:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.09.07 05:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.07.05 09:05:54 | 000,094,208 | ---- | M] (sonix) -- C:\Windows\PLFSetL.exe
PRC - [2006.11.29 05:20:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006.11.29 05:20:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006.11.29 05:20:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006.11.17 10:10:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006.11.17 10:09:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006.11.17 10:07:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006.11.16 23:36:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.10.23 07:26:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007.08.20 06:10:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.05.10 21:20:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2006.11.17 10:11:22 | 000,120,384 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML71.dll
MOD - [2006.11.17 10:09:10 | 000,071,232 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign.dll
MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.07.10 12:11:05 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.11.22 04:44:41 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.29 05:20:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006.11.29 05:20:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006.11.17 10:07:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2008.11.19 17:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.19 17:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.10.01 11:29:50 | 000,240,128 | ---- | M] (PARADOX) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\royal.sys -- (OemBiosDevice)
DRV - [2007.10.01 11:29:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.09.26 09:42:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.08.28 12:17:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.05.01 21:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.11.29 05:20:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006.11.29 05:20:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006.11.29 05:20:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006.11.29 05:20:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006.11.28 10:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.06.09 03:38:24 | 000,006,909 | R--- | M] (Conexant Systems, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UIUSYS.SYS -- (UIUSys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://orf.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{2DCAEB4D-F6F2-4269-BFB7-7B30E08DD3EF}: "URL" = hxxp://at.forestle.org/search.php?q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Forestle (at)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://orf.at/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.05.24 18:00:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.02.07 16:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.10 12:11:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.23 19:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.23 19:01:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.10 12:11:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.23 19:01:54 | 000,000,000 | ---D | M]
 
[2011.03.19 17:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions
[2011.03.19 17:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.25 12:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\2t9pyjf7.default\extensions
[2011.10.31 23:44:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\2t9pyjf7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.30 13:33:59 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\2t9pyjf7.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.07.25 12:18:48 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\2t9pyjf7.default\extensions\firefox@ghostery.com
[2009.11.26 15:13:37 | 000,002,321 | ---- | M] () -- C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\2t9pyjf7.default\searchplugins\forestle-at.xml
[2012.04.16 06:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.10.19 19:28:20 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.10 12:11:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.11 14:12:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.26 18:04:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.26 18:04:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.26 18:04:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.26 18:04:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.26 18:04:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.26 18:04:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.11.24 20:36:04 | 000,355,968 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123haustiereundmehr.com
O1 - Hosts: 12235 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Microsoft Firewall 2.9] C:\Users\acer\AppData\Roaming\WMPRWISE.EXE File not found
O4 - Startup: C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\acer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AEB6237-A7D4-4726-BCF2-31447711DFAA}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.10.11 14:32:37 | 000,000,000 | ---D | M] - E:\AUTOCAD_2004 -- [ NTFS ]
O33 - MountPoints2\{3c891dee-c726-11df-87da-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{3c891dee-c726-11df-87da-000000000000}\Shell\AutoRun\command - "" = D:\LGAutoRun.exe
O33 - MountPoints2\{629a401a-b551-11dd-86d4-001d72c58f55}\Shell\auto\command - "" = Limit.exe
O33 - MountPoints2\{629a401a-b551-11dd-86d4-001d72c58f55}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Limit.exe
O33 - MountPoints2\{629a401a-b551-11dd-86d4-001d72c58f55}\Shell\explore\command - "" = Limit.exe
O33 - MountPoints2\{629a401a-b551-11dd-86d4-001d72c58f55}\Shell\open\command - "" = Limit.exe
O33 - MountPoints2\{8db32677-4b90-11de-903e-001d72c58f55}\Shell - "" = AutoRun
O33 - MountPoints2\{8db32677-4b90-11de-903e-001d72c58f55}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\{d367c07a-695c-11de-99a2-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{d367c07a-695c-11de-99a2-000000000000}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.03 22:10:59 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
[2012.07.12 09:30:53 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.03 22:22:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.03 22:20:09 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EE7E9209-F192-4059-A713-58DCBD44A193}.job
[2012.08.03 22:11:03 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
[2012.08.03 21:51:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.03 21:51:00 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 21:50:59 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 21:50:55 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.08.03 21:50:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.03 00:14:36 | 274,246,455 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.02 00:40:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.17 08:38:40 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.17 08:38:40 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.11 21:42:30 | 000,111,108 | ---- | M] () -- C:\Users\acer\Documents\Apartheid_Power_Relations_and_Dominace_Structures-Topitz.pdf
[2012.07.11 21:34:31 | 000,111,978 | ---- | M] () -- C:\Users\acer\Documents\Apartheid_Power Relations and Dominance Structures_Topitz.pdf
 
========== Files Created - No Company Name ==========
 
[2012.07.11 21:42:29 | 000,111,108 | ---- | C] () -- C:\Users\acer\Documents\Apartheid_Power_Relations_and_Dominace_Structures-Topitz.pdf
[2012.07.11 21:34:29 | 000,111,978 | ---- | C] () -- C:\Users\acer\Documents\Apartheid_Power Relations and Dominance Structures_Topitz.pdf
[2012.07.06 01:13:56 | 274,246,455 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.14 19:55:05 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.05.05 14:04:09 | 000,004,096 | -H-- | C] () -- C:\Users\acer\AppData\Local\keyfile3.drm
[2011.03.31 17:17:51 | 000,000,605 | ---- | C] () -- C:\Users\acer\Studienbestaetigung_univis.univie.ac.lnk
[2010.11.16 11:21:07 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.11.16 11:21:06 | 000,000,471 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.16 11:21:05 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd4040cn.dat
[2010.11.16 11:19:52 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010.11.16 11:19:51 | 000,000,147 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010.11.16 11:19:51 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2010.11.16 11:19:50 | 000,020,605 | ---- | C] () -- C:\Windows\HL-4040CN.INI
[2010.11.16 11:19:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2010.11.16 11:19:46 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2010.11.16 11:19:45 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT
[2008.11.03 15:44:47 | 000,080,384 | ---- | C] () -- C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.31 18:37:56 | 000,031,007 | ---- | C] () -- C:\Users\acer\AppData\Roaming\UserTile.png
[2008.10.17 12:06:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.10.01 11:27:17 | 000,001,356 | ---- | C] () -- C:\Users\acer\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2009.05.25 17:01:38 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\CoSoSys
[2012.08.03 21:54:14 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Dropbox
[2011.10.31 23:45:29 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DVDVideoSoft
[2011.10.31 23:44:29 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.23 22:22:13 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\eTeks
[2009.02.08 09:11:34 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\EuroTalk
[2009.05.08 12:55:28 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\ICAClient
[2009.04.08 17:10:26 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\LimeWire
[2011.12.14 19:55:16 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\pdfforge
[2008.10.31 18:37:56 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\PeerNetworking
[2012.02.07 16:53:54 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Swiss Academic Software
[2011.03.19 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Thunderbird
[2012.08.02 00:40:18 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.03 22:20:09 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EE7E9209-F192-4059-A713-58DCBD44A193}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.09.01 22:49:22 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.10.02 00:38:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.10.01 11:50:27 | 000,000,000 | ---D | M] -- C:\Intel
[2008.10.01 11:54:27 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.07.11 10:17:45 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.03 14:11:51 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.29 16:08:48 | 000,000,000 | ---D | M] -- C:\QUARANTINE
[2012.08.03 22:17:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.09.01 22:48:59 | 000,000,000 | R--D | M] -- C:\Users
[2012.08.03 01:52:22 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\a1e88937d6124d37b0687188749b6202\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\a1e88937d6124d37b0687188749b6202\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.22 04:34:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008.11.22 04:34:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.11.22 04:34:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.11.22 04:34:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.11.22 04:47:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.11.22 04:47:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\a1e88937d6124d37b0687188749b6202\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\a1e88937d6124d37b0687188749b6202\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\a1e88937d6124d37b0687188749b6202\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\a1e88937d6124d37b0687188749b6202\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\a1e88937d6124d37b0687188749b6202\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.11.22 04:18:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\a1e88937d6124d37b0687188749b6202\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.11.22 04:18:43 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.11.22 04:18:43 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\a1e88937d6124d37b0687188749b6202\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\a1e88937d6124d37b0687188749b6202\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\a1e88937d6124d37b0687188749b6202\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.06.20 23:48:44 | 000,084,992 | ---- | M] () -- C:\Users\acer\DRAFT gesamter BerichtKORR.doc
[2012.06.20 22:54:33 | 000,058,368 | ---- | M] () -- C:\Users\acer\Nobelprice Lecture - Gordimer.doc
[2012.08.03 22:15:08 | 008,912,896 | -HS- | M] () -- C:\Users\acer\NTUSER.DAT
[2012.08.03 22:15:08 | 000,262,144 | -H-- | M] () -- C:\Users\acer\ntuser.dat.LOG1
[2008.10.01 11:27:16 | 000,000,000 | -H-- | M] () -- C:\Users\acer\ntuser.dat.LOG2
[2008.10.01 11:30:42 | 000,065,536 | -HS- | M] () -- C:\Users\acer\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2008.10.01 11:30:42 | 000,524,288 | -HS- | M] () -- C:\Users\acer\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2008.10.01 11:30:42 | 000,524,288 | -HS- | M] () -- C:\Users\acer\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms
[2008.10.01 11:27:16 | 000,000,020 | -HS- | M] () -- C:\Users\acer\ntuser.ini
[2011.03.31 17:17:51 | 000,000,605 | ---- | M] () -- C:\Users\acer\Studienbestaetigung_univis.univie.ac.lnk
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
[2012.08.03 21:52:39 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\acer\Local Settings\Temp\RtkBtMnt.exe
[1 C:\Users\acer\Local Settings\Temp\*.tmp files -> C:\Users\acer\Local Settings\Temp\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
--- --- ---

--- --- ---
und

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.08.2012 22:14:56 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\acer\Desktop
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16809)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 44,98% Memory free
4,19 Gb Paging File | 2,75 Gb Available in Paging File | 65,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,48 Gb Total Space | 24,58 Gb Free Space | 38,72% Space Free | Partition Type: NTFS
Drive E: | 43,95 Gb Total Space | 33,60 Gb Free Space | 76,45% Space Free | Partition Type: NTFS
Drive F: | 41,63 Gb Total Space | 6,29 Gb Free Space | 15,11% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3780962376-3613741154-3572423336-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E461D82-C9BA-4AF8-94E7-19A1E844CAF6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{20D170F5-2220-4DF8-87FF-FB2668488686}" = lport=137 | protocol=17 | dir=in | app=system | 
"{25CFB73C-A6F1-485A-BBA4-3ACC769CAF42}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{2C3417DF-3241-4224-9143-4874C8428850}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3C6AEB23-062B-46E5-AABF-71DB7056D61A}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{41AE00AC-4D49-479D-9FAE-727ABDE88C13}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{440427A6-A874-45A0-B9F5-92E1D5666056}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{44C1C74D-03E8-492B-9C24-A2A7FC5531B2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4A25A88E-74F5-452E-9315-74C278F9B4AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7D80760C-7303-4E26-B292-0D7467FFCE19}" = lport=445 | protocol=6 | dir=in | app=system | 
"{92A831C9-1EBF-48E3-979F-19728766629B}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{9411EB15-F583-468C-8C4D-65380D1A3836}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9B83BF64-1716-44FC-8CFB-6329CDCC0E65}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A9194D8C-8C31-4197-9E2B-92DFC94502E5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AD77C489-88D8-43E5-A093-ACB1B25C7CD2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AF5371FF-2CAE-4368-9420-B35CCD53CFFD}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{BBEDA917-AA6A-4D72-A250-F6A394DEF2A0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C55DBC45-E082-43B9-B446-B7C242581524}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{CB34A853-0EBD-469C-AB90-D7533D00ED92}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CBF7EECD-A8F2-48D0-91EB-AC3A5D68B09A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{DEC8A8CE-5400-41ED-83C0-38A00066A7C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E10275A3-DB81-40BE-9775-69E529D79CEB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C54CE03-D5EF-495D-BB37-B1E7F889C927}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{21B3EF55-6796-4A16-B2F8-05D7225D55F2}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | 
"{304E4EF3-B245-490A-BCE6-F994DB487175}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | 
"{5ED00429-5996-42B7-911C-7BB2367CE680}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{6751AD2B-10EC-4573-AF0D-54DDDD37CCE9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{74602D33-B642-46EF-AD89-06C4AA21C1DD}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{74FA1E7F-C2CF-4C08-92C4-5ED22336DEF3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{758645F0-9473-4F99-A131-59AD22DD052F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8E7F96F5-8850-447D-8B05-5C9480F50E0C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{8F3C58D5-1FE0-4FE3-BB92-360CA1811276}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9C50C5D6-E937-4C4D-B388-75F80BA79B79}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A1407558-5D12-47D9-9AD4-13021E6C14EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A6AD0FCA-65CE-48C9-B5A2-19A58958FC33}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{B2F04349-F165-445A-BB6B-23501E985AEA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B78AC943-77B3-4D0B-A562-1152CEE04A7F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{C61D7699-406E-46D2-9617-2A7C2B909B2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E259860E-3ED2-4979-95BB-B22809992AE4}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{E3E67D16-8666-4323-AF5F-455065642B1F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EE920927-024C-44DF-B8D7-AF4B9E196AF8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F13AC7E7-A5C7-4C24-8A96-3604E1405BAD}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{FE664D3F-FDD4-40AD-9037-BF60F2854571}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{FE968C2B-97D4-450C-82EC-07EE4495A227}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{05BFD3B1-818D-482F-8346-019CF4574983}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{119F6C88-EFA0-4B96-A9B2-75BA9772FA2A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{22F26AE8-85AE-47B8-8776-5D426E549772}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{25797A97-B200-471B-9FF9-50B8899136AC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{401EC694-4068-48E0-830E-A753CD0818AD}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{4234FB55-6909-478A-9FDF-4CC1163FA35F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{46D42409-88E3-4699-AC9C-3F6067AE38D1}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{6EE4E2D7-2F8A-4866-A323-91E638E0B487}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{7A96E172-FA26-4D4E-9174-1392896892E2}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{A9E7E4FF-4094-4AF5-8D07-2369C67D5255}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{CF268574-600A-4129-86E8-467B978ACC80}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{2269B481-1FA9-44FB-9F76-B9AE589C781E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{3D808E77-3A5A-47EC-95D4-34ABB23CBBD4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{6BCD9EF5-35A3-4143-93E3-872E5E8D8EF9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{8599DC97-8E81-48C8-BA48-BF6528BE5E11}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{9408958B-8048-419F-BB89-4ACA6A2C6C24}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{A6CC3ED3-93F4-4773-AD28-3CC4539698C8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{BCD72999-F27F-493D-A669-F1B002F51DA9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{C6D8A443-8941-431B-8607-1AD10AF3428B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D56D866E-066A-4DA7-BC71-5228659CEAC1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{E480D06B-849D-4940-902C-BAEA37AF8357}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{E9F33EC6-0B76-4AD5-8B5B-B437B0352435}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.215_Foxconn Installation Program
"{2876AEE2-A9C9-4585-A46A-44CF451C960E}" = Vista x86 OneClick Activator
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C85747A-91B6-4233-AAF8-063506D0FF4F}" = LG United Mobile Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9AB206-D44C-401E-84C0-938D2FF52183}" = Brother HL-4040CN
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BFBBA4F4-03C8-4126-B81D-4A2542DA1E11}" = AuthenTec Fingerprint Sensor Minimum Install
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LG PC Suite IV" = LG PC Suite IV
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"RealPlayer 6.0" = RealPlayer
"Sweet Home 3D_is1" = Sweet Home 3D version 3.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"xp-AntiSpy" = xp-AntiSpy 3.97-6
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.10.2010 20:04:41 | Computer Name = acer-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 8
 
Error - 21.10.2010 03:40:29 | Computer Name = acer-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 8
 
Error - 21.10.2010 11:50:48 | Computer Name = acer-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 8
 
Error - 21.10.2010 12:06:19 | Computer Name = acer-PC | Source = Avira AntiVir | ID = 4118
Description = 
 
Error - 21.10.2010 16:18:10 | Computer Name = acer-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 8
 
Error - 23.10.2010 06:38:27 | Computer Name = acer-PC | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 8
 
Error - 23.10.2010 06:42:18 | Computer Name = acer-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 23.10.2010 14:09:08 | Computer Name = acer-PC | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe!    Exception details follow :    VSCORE.13.3.1.100
Exception
 Code       : 0XC0000005  Exception Address    : 0X76BE7369  Exception Parameters : 
2   Param 1 = 0X00000001   Param 2 = 0X00000600    More information :  ScanRequest : NTName
 is \device\floppy0.  
 
Error - 07.11.2010 18:41:46 | Computer Name = acer-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 2828 (0xb0c)    Thread address : 0x77770F34    Thread message :      Build VSCORE.13.3.1.100
 / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Windows\Temp\WFVEA40.tmp

 by SYSTEM   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)

 5004(0)(0)  
 
Error - 07.11.2010 18:41:46 | Computer Name = acer-PC | Source = McLogEvent | ID = 1008
Description = The McShield service terminated unexpectedly.    Please review event 5019
 or 5051 for details.  The McShield service will be restarted in 5 seconds;
 
[ System Events ]
Error - 02.08.2012 18:17:12 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.08.2012 18:17:12 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.08.2012 18:17:12 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.08.2012 18:17:12 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.08.2012 18:17:12 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.08.2012 18:17:12 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.08.2012 18:17:12 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.08.2012 15:51:02 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.08.2012 15:55:39 | Computer Name = acer-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.1 for the Network Card with network address
 00215C111DFF has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
 DHCPNACK message).
 
Error - 03.08.2012 15:55:39 | Computer Name = acer-PC | Source = Tcpip | ID = 4198
Description = The system detected an address conflict for IP address 10.0.0.1 with
 the system  having network hardware address 14-7D-C5-FF-2A-13. The local interface
 has been disabled.
 
 
< End of report >
--- --- ---

Gruß, Eter
__________________
Alt 04.08.2012, 17:03   #4
markusg
/// Malware-holic
 
TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe - Standard

TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe


hi
nutzt du den pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.08.2012, 09:19   #5
Eter
 
TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe - Standard

TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe


ja mach ich ...
warum, fragst du?

lg


Alt 07.08.2012, 12:39   #6
markusg
/// Malware-holic
 
TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe - Standard

TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe


sorry für die wartezeit,
rufe die bank an, lasse es wegen einem banking trojaner sperren.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
--> TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe

Alt 07.08.2012, 16:41   #7
Eter
 
TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe - Standard

TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe


ach du sch***!

ok, kann man jetzt nichts mehr machen ... danke für Deine Hilfe jedenfalls! Und wär super wenn Du mich bei den nächsten Schritten begleiten kannst, kenn mich damit nämlich nicht gut aus - lerne dafür aber gerade viel dazu!

Ich werd jetzt mal anfangen und versuchen meine Daten zu retten - ich hab den Laptop (Acer, TravelMate 5720) vor Ewigkeiten im Ausland gekauft und wüsste nicht, dass ich außer einer Resource DVD noch andere CDs dazu bekommen hätte. Hilft die mir weiter, oder soll ich mir von Freunden ein altes Betriebssystem schnappen? Und zurücksetzen hilft auch nicht, oder?

lg

Alt 08.08.2012, 19:39   #8
markusg
/// Malware-holic
 
TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe - Standard

TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe


hi
was steht denn auf der cd drauf, wenns nicht grad englisch ist, was ichverstehen würde, müsstest es, wenn möglich auf deutsch übersetzen :d
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.08.2012, 17:51   #9
Eter
 
TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe - Standard

TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe


hey
auf der CD steht "TravelMate 5720/5320 Series, Extensa 5620/5220 Series, Resource DVD" und dass sie nur mit einem neuen Acer PC verkauft werden darf und ich denk eine Seriennummer "P/N:OV.N110C.002".

Antwort

Themen zu TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe
acer, antivirus, appdata, avira, blue, blue screen, computer, diverse, eingefangen, folge, folgen, free, hängt, nicht sicher, programme, quarantäne, scan, scanner, screen, starten, system, temp, tr/crypt.zpack.gen, trojaner, zusammen


« TR/agent.ujs.2 durch Avira gefunden | Ukash Trojaner Windows Update 100 Euro zahlen »


Ähnliche Themen: TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe


  1. TR/Agent.7375 in C:\Users\HerrTest\AppData\Local\Temp\nscA085.tmp\temp\5FT.zip
    Log-Analyse und Auswertung - 18.10.2015 (13)
  2. C:\Users\****\AppData\Local\Temp\jrscpls.exe
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (39)
  3. C:\Users\*****\AppData\Local\Temp\jrscpls.exe
    Plagegeister aller Art und deren Bekämpfung - 23.02.2013 (3)
  4. TR/Crypt.XPACK.Gen8 in C:\Users\main\AppData\Local\Temp\aromecxsnw.exe
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  5. TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden
    Plagegeister aller Art und deren Bekämpfung - 22.08.2012 (24)
  6. TR/Crypt.ZPACK.Gen8 in C:\Users\XXX\AppData\Local\Temp\msimg32.dll
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (27)
  7. C:\Users\Name\AppData\Local\Temp\g7i0ol_kaz.exe, was ist das??
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (15)
  8. c:\users\***\appdata\local\temp\vcplt.dll
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (21)
  9. TR/Crypt.ZPACK.Gen in C:\Users\Isabel\AppData\Local\Temp\msimg32.dll (Firewall deaktiviert)
    Plagegeister aller Art und deren Bekämpfung - 24.04.2012 (17)
  10. C:\Users\***\AppData\Local\Temp!
    Plagegeister aller Art und deren Bekämpfung - 26.03.2012 (1)
  11. C:/Users/Appdata/Local/Temp/WAB.log
    Log-Analyse und Auswertung - 21.04.2011 (3)
  12. TR/FraudPack.kvb.76 in C:\Users\***\AppData\Local\Temp\Fj0.exe
    Plagegeister aller Art und deren Bekämpfung - 31.12.2010 (4)
  13. C:\Users\Besitzer\AppData\Local\Temp\irftsync.dll ist das Trojanische Pferd TR/Crypt.XPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 16.11.2010 (2)
  14. TR/Crypt.ZPACK.Gen in C:\Users\***\AppData\Local\Temp\eapp32hst.dl
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (18)
  15. Trojaner TR/Crypt.XPACK.Gen in C:\Users\***\AppData\Local\Temp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (23)
  16. XxX.xXx Malware in C:\Users\***\AppData\Local\Temp\XxX.xXx
    Plagegeister aller Art und deren Bekämpfung - 11.05.2010 (10)
  17. BDS/Bredavi.azd in C:\Users\****\AppData\Local\Temp\****.exe
    Plagegeister aller Art und deren Bekämpfung - 29.11.2009 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe - Hallo! Ich hab mir gestern Nacht wohl den Trojaner TR/Crypt.ZPACK.Gen eingefangen ... Mein PC hat sich mit einem Blue Screen verabschiedet, und sich gleich darauf wieder selbst hochgefahren. Ich hab - TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe...
Archiv
Du betrachtest: TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131