| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen3 auf win7 64bit systemWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.09.2010, 01:47
| #1 |
| |  TR/Crypt.XPACK.Gen3 auf win7 64bit system Hi, ich hab seit ein paar Tagen diesen Trojaner an Board und bekomm ihn nicht los. Ich hab auch gelesen das zu dem Thema schon einiges da ist, aber beispielsweise combofix funktioniert bei mir nicht, weil ich ein 64 bit sys hab. zumindest hat es mir dies bei der installation gesagt. ich hab deshalb nun doch nen thread eröffnet.... hoffe ihr könnt mir helfen. hier also die logs: hijack log: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:52:12, on 18.09.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Windows\SysWOW64\mmrtkrnl.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Program Files (x86)\Winamp\winamp.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKCU\..\Run: [qiuipu] C:\Users\DonGonzales\qiuipu.exe /e O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [foaveo] C:\Users\Colombia\foaveo.exe /G (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [reaemac] C:\Users\Colombia\reaemac.exe /g (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [riuagib] C:\Users\Colombia\riuagib.exe /J (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [txroap] C:\Users\Colombia\txroap.exe /Y (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [ymhioj] C:\Users\Colombia\ymhioj.exe /v (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [leafiem] C:\Users\Colombia\leafiem.exe /O (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [doiabos] C:\Users\Colombia\doiabos.exe /o (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [Metropolis] rundll32.exe C:\Users\Colombia\AppData\Local\Temp\sshnas21.dll,GetHandle (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [ASH24SXZ9S] C:\Users\Colombia\AppData\Local\Temp\Vxi.exe (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [vooaboc] C:\Users\Colombia\vooaboc.exe /L (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [foxoy] C:\Users\Colombia\foxoy.exe /S (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [voeoko] C:\Users\Colombia\voeoko.exe /y (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [waimo] C:\Users\Colombia\waimo.exe /O (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [yaoaqa] C:\Users\Colombia\yaoaqa.exe /i (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [diiop] C:\Users\Colombia\diiop.exe /h (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [qkliov] C:\Users\Colombia\qkliov.exe /F (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [xaobuf] C:\Users\Colombia\xaobuf.exe /E (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [naufe] C:\Users\Colombia\naufe.exe /Q (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [ceuepe] C:\Users\Colombia\ceuepe.exe /I (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [qiemoe] C:\Users\Colombia\qiemoe.exe /A (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [zonoy] C:\Users\Colombia\zonoy.exe /b (User 'Colombia') O4 - HKUS\S-1-5-21-1628079851-2681031256-932489147-1004\..\Run: [sytum] C:\Users\Colombia\sytum.exe /Z (User 'Colombia') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14623 bytes OTL Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.09.2010 19:25:55 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 126,75 Gb Free Space | 44,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 14,94 Gb Free Space | 3,21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: GONZOLAP
Current User Name: DonGonzales
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{33037348-6BB9-59EA-80DE-8D7E0E906B83}" = ccc-utility64
"{43239902-03DF-A165-7EF6-6A49DE4F8EF1}" = ATI AVIVO64 Codecs
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D10D9994-4337-8067-F5D7-9F8FEC1E4A00}" = ATI Catalyst Install Manager
"LSI Soft Modem" = LSI HDA Modem
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06EF78A1-935E-8982-48EE-DEAF73075BBE}" = Catalyst Control Center InstallProxy
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{09B14334-89FF-B11A-5D9B-14BBA2D8A4C3}" = CCC Help Hungarian
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{19992AF5-2780-7E2C-100D-0A300A22DB6F}" = CCC Help Korean
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3048B1-28C0-5231-B071-7BA3FBF2EF6B}" = CCC Help German
"{2F76BE0B-11EF-593F-FD8B-52C1EDEFD99F}" = CCC Help English
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D542863-7E63-D988-168A-48C48B9B7A9B}" = Catalyst Control Center Graphics Light
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4AE958E0-0656-FC87-1D7E-B7143AC235E7}" = CCC Help Spanish
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{557FCE92-4537-6C23-7489-E5836908EB76}" = Catalyst Control Center Core Implementation
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5E174F7A-245B-D9A1-0FB1-5DEB3E7C4AFA}" = CCC Help Italian
"{5E3AE725-CACE-9016-D454-02B91CD33C75}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F25EB2C-0972-8528-7DEA-9FCAE8AA026E}" = Catalyst Control Center Graphics Full New
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A3A514C-B4B2-C5B3-FDF9-12329E6E92BC}" = Catalyst Control Center Localization All
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{8297136B-D69B-21F8-EA06-6527B4D2080F}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD57F82-FFF4-13F7-F854-976E34CBDDF8}" = Catalyst Control Center Graphics Previews Vista
"{8DAB0DFE-093F-4C77-5301-59C394EE8FA0}" = CCC Help Norwegian
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9CCB8F6D-33FC-4E79-8616-7BE5DF32A955}" = BPM-Studio 4 Demo
"{A05CA92F-4FE3-7129-6963-03AA82FB8817}" = CCC Help Portuguese
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A9A51417-934D-EB1E-705B-276F9C3749D7}" = CCC Help Swedish
"{A9DD5F30-96A2-CDF5-FDEA-0A11BF14AFB2}" = CCC Help Turkish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AE65393D-F007-E7F6-BD5E-A5B7CB65FACB}" = CCC Help Dutch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B70EC123-01CE-94B9-433D-85696F5D4453}" = CCC Help Greek
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C1877FF5-519A-C207-A5E9-4E692174FE4A}" = ccc-core-static
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CBFAD664-763E-4A7D-BF92-BB0E493F3C66}" = ES
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D4519837-7F74-4DB3-36AF-94CDC3511F7A}" = CCC Help Japanese
"{D74163DC-0BF1-0A8F-BA2E-D3B5ACD4D9D9}" = CCC Help Polish
"{D93AC7DC-EC2C-96A7-0733-07B05BD710CE}" = CCC Help Thai
"{DA79E283-89F5-D6A5-6D0B-D55FD8721668}" = CCC Help Finnish
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E78A0DB3-74D6-F576-331F-33780D1D8D7E}" = Catalyst Control Center Graphics Full Existing
"{E88CF135-CB50-319C-8268-1BED4261FDB2}" = CCC Help Chinese Standard
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB6DA76C-AA15-91FE-E6D7-A2B3ED4F6E29}" = CCC Help Danish
"{EC4B8E73-EB41-0386-8C39-7F6FC2CFD840}" = CCC Help Russian
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEE4B066-28B3-145F-CEB6-2D47F2A83E3D}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"8461-7759-5462-8226" = Vuze
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GridVista" = Acer GridVista
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"Impulse" = Impulse
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Pro Pinball - Timeshock!" = Pro Pinball - Timeshock!
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows
"SopCast" = SopCast 3.2.9
"StarCraft II" = StarCraft II
"Totalcmd" = Total Commander (Remove or Repair)
"TVUPlayer" = TVUPlayer 2.5.2.2
"Veetle TV" = Veetle TV 0.9.15
"VLC media player" = VLC media player 1.0.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.09.2010 20:01:35 | Computer Name = GonzoLAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 16.09.2010 20:05:05 | Computer Name = GonzoLAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 16.09.2010 20:05:05 | Computer Name = GonzoLAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 16.09.2010 20:05:09 | Computer Name = GonzoLAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 16.09.2010 20:05:10 | Computer Name = GonzoLAP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 16.09.2010 20:10:35 | Computer Name = GonzoLAP | Source = VSS | ID = 12310
Description =
Error - 16.09.2010 20:17:12 | Computer Name = GonzoLAP | Source = ESENT | ID = 215
Description = WinMail (3556) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 16.09.2010 20:17:16 | Computer Name = GonzoLAP | Source = ESENT | ID = 215
Description = WinMail (2640) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 16.09.2010 21:00:49 | Computer Name = GonzoLAP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 1.9.1.3728,
Zeitstempel: 0x4ba12250 Name des fehlerhaften Moduls: MOZCRT19.dll, Version: 8.0.0.0,
Zeitstempel: 0x4ba112a1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000094f8 ID des fehlerhaften
Prozesses: 0xb10 Startzeit der fehlerhaften Anwendung: 0x01cb5603c37b0ff0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Thunderbird\MOZCRT19.dll
Berichtskennung:
026648e1-c1f7-11df-af2a-00262d61bd7b
Error - 16.09.2010 21:10:23 | Computer Name = GonzoLAP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 1.9.1.3728,
Zeitstempel: 0x4ba12250 Name des fehlerhaften Moduls: MOZCRT19.dll, Version: 8.0.0.0,
Zeitstempel: 0x4ba112a1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000094f8 ID des fehlerhaften
Prozesses: 0x6e4 Startzeit der fehlerhaften Anwendung: 0x01cb5603c44eb61d Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Thunderbird\MOZCRT19.dll
Berichtskennung:
584762cd-c1f8-11df-af2a-00262d61bd7b
[ Media Center Events ]
Error - 03.02.2010 14:14:20 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 19:14:20 - Fehler beim Herstellen der Internetverbindung. 19:14:20
- Serververbindung konnte nicht hergestellt werden..
Error - 03.02.2010 14:14:26 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 19:14:25 - Fehler beim Herstellen der Internetverbindung. 19:14:25
- Serververbindung konnte nicht hergestellt werden..
Error - 04.02.2010 13:22:34 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 18:22:34 - Fehler beim Herstellen der Internetverbindung. 18:22:34
- Serververbindung konnte nicht hergestellt werden..
Error - 04.02.2010 13:22:51 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 18:22:41 - Fehler beim Herstellen der Internetverbindung. 18:22:41
- Serververbindung konnte nicht hergestellt werden..
Error - 04.02.2010 14:22:59 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 19:22:58 - Fehler beim Herstellen der Internetverbindung. 19:22:58
- Serververbindung konnte nicht hergestellt werden..
Error - 04.02.2010 14:23:06 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 19:23:04 - Fehler beim Herstellen der Internetverbindung. 19:23:04
- Serververbindung konnte nicht hergestellt werden..
Error - 10.02.2010 04:34:33 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 09:34:30 - Fehler beim Herstellen der Internetverbindung. 09:34:30
- Serververbindung konnte nicht hergestellt werden..
Error - 10.02.2010 05:34:38 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 10:34:38 - Fehler beim Herstellen der Internetverbindung. 10:34:38
- Serververbindung konnte nicht hergestellt werden..
Error - 10.02.2010 06:34:43 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 11:34:43 - Fehler beim Herstellen der Internetverbindung. 11:34:43
- Serververbindung konnte nicht hergestellt werden..
Error - 10.02.2010 07:49:59 | Computer Name = GonzoLAP | Source = MCUpdate | ID = 0
Description = 12:49:55 - Fehler beim Herstellen der Internetverbindung. 12:49:55
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 24.06.2010 09:59:52 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 24.06.2010 10:05:02 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 24.06.2010 10:10:12 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 24.06.2010 10:15:22 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 24.06.2010 10:20:32 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 24.06.2010 10:25:42 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 24.06.2010 10:30:52 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 24.06.2010 10:36:02 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 24.06.2010 10:41:12 | Computer Name = GonzoLAP | Source = NetBT | ID = 4321
Description = Der Name "HOLBEINE :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.0.4 registriert werden. Der Computer mit IP-Adresse 192.168.0.2
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.06.2010 13:54:21 | Computer Name = GonzoLAP | Source = BROWSER | ID = 8032
Description =
< End of report >
OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.09.2010 19:25:55 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,30 Gb Total Space | 126,75 Gb Free Space | 44,43% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 465,76 Gb Total Space | 14,94 Gb Free Space | 3,21% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GONZOLAP Current User Name: DonGonzales Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Colombia\kzruec.exe () PRC - C:\Users\Colombia\AppData\Local\Temp\Vxi.exe (Alexander Roshal) PRC - C:\Windows\Vpipob.exe (Alexander Roshal) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - c:\program files (x86)\avira\antivir desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\SysWOW64\mmrtkrnl.exe (AlcaTech) ========== Modules (SafeList) ========== MOD - C:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys File not found DRV:64bit: - (RtsUIR) -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys File not found DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (NETw1v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363 IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361209d236l0388z165t58l1v363 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.daemon-search.com/startpage|google.de" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.29 02:41:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.11 02:28:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.04.06 16:57:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.07.11 02:28:02 | 000,000,000 | ---D | M] [2010.02.05 09:07:55 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\mozilla\Extensions [2010.02.05 09:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DonGonzales\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.16 19:11:45 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\mozilla\Firefox\Profiles\e3fredlz.default\extensions [2010.05.08 07:50:00 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\mozilla\Firefox\Profiles\e3fredlz.default\extensions\firefox@tvunetworks.com [2010.04.22 07:13:21 | 000,002,059 | ---- | M] () -- C:\Users\DonGonzales\AppData\Roaming\Mozilla\FireFox\Profiles\e3fredlz.default\searchplugins\daemon-search.xml [2010.07.22 15:07:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.07.12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.04.17 05:37:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.17 05:37:23 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.04.17 05:37:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.04.17 05:37:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.17 05:37:23 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.17 20:09:59 | 000,419,429 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14471 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\SysWow64\mmrtkrnl.exe (AlcaTech) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [qiuipu] C:\Users\DonGonzales\qiuipu.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.13.249.101 200.13.224.254 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O32 - Unable to obtain root file information for disk F:\ O33 - MountPoints2\{634b1d46-f48b-11de-b636-00262d61bd7b}\Shell - "" = AutoRun O33 - MountPoints2\{634b1d46-f48b-11de-b636-00262d61bd7b}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.18 19:13:26 | 000,000,000 | ---D | C] -- C:\Users\DonGonzales\Desktop\MFTools [2010.09.18 18:50:46 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW [2010.09.18 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.09.18 18:17:17 | 000,177,152 | ---- | C] (Alexander Roshal) -- C:\Windows\Vpipob.exe [2010.09.18 17:42:45 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010.09.18 17:42:45 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.09.18 17:42:45 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2010.09.18 17:42:45 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2010.09.18 17:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.09.18 17:42:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010.09.18 08:19:59 | 000,177,152 | ---- | C] (Alexander Roshal) -- C:\Windows\Vpipoa.exe [2010.09.17 19:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.09.17 19:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.09.17 19:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking [2010.09.16 22:00:18 | 000,000,000 | ---D | C] -- C:\341bf637d49e8974b3ea170010 [2010.09.16 07:48:00 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010.09.16 07:44:51 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2010.09.10 09:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010.09.10 09:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2009.08.22 03:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.18 19:27:33 | 006,553,600 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat [2010.09.18 19:24:34 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.18 19:24:34 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.18 19:19:25 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.09.18 19:17:20 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.09.18 19:17:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.18 19:16:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.18 19:16:48 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys [2010.09.18 18:34:53 | 000,102,412 | ---- | M] () -- C:\Users\DonGonzales\Documents\cc_20100918_183447.reg [2010.09.18 18:31:13 | 000,001,013 | ---- | M] () -- C:\Users\DonGonzales\Desktop\CCleaner.lnk [2010.09.18 18:16:54 | 000,177,152 | ---- | M] (Alexander Roshal) -- C:\Windows\Vpipob.exe [2010.09.18 18:13:15 | 000,007,671 | ---- | M] () -- C:\Users\DonGonzales\AppData\Local\resmon.resmoncfg [2010.09.18 17:43:26 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.09.18 08:19:48 | 000,177,152 | ---- | M] (Alexander Roshal) -- C:\Windows\Vpipoa.exe [2010.09.17 20:09:59 | 000,419,429 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.09.17 19:47:27 | 000,001,264 | ---- | M] () -- C:\Users\DonGonzales\Desktop\Spybot - Search & Destroy.lnk [2010.09.16 21:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TMContainer00000000000000000002.regtrans-ms [2010.09.16 21:49:35 | 000,524,288 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TMContainer00000000000000000001.regtrans-ms [2010.09.16 21:49:35 | 000,065,536 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TM.blf [2010.09.16 19:28:48 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.09.16 19:15:54 | 003,359,178 | -H-- | M] () -- C:\Users\DonGonzales\AppData\Local\IconCache.db [2010.09.16 19:08:12 | 000,135,168 | RHS- | M] () -- C:\Users\DonGonzales\qiuipu.exe [2010.09.16 08:17:33 | 000,524,288 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TMContainer00000000000000000002.regtrans-ms [2010.09.16 08:17:33 | 000,524,288 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TMContainer00000000000000000001.regtrans-ms [2010.09.16 08:17:33 | 000,065,536 | -HS- | M] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TM.blf [2010.09.14 16:12:13 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2010.09.12 13:02:43 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.09.12 13:02:43 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.09.12 13:02:43 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.09.12 13:02:43 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.09.12 13:02:43 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.31 00:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.18 18:34:50 | 000,102,412 | ---- | C] () -- C:\Users\DonGonzales\Documents\cc_20100918_183447.reg [2010.09.18 18:31:13 | 000,001,013 | ---- | C] () -- C:\Users\DonGonzales\Desktop\CCleaner.lnk [2010.09.18 17:43:26 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.09.18 08:19:51 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.09.17 19:47:27 | 000,001,264 | ---- | C] () -- C:\Users\DonGonzales\Desktop\Spybot - Search & Destroy.lnk [2010.09.16 21:49:34 | 000,524,288 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TMContainer00000000000000000002.regtrans-ms [2010.09.16 21:49:34 | 000,524,288 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TMContainer00000000000000000001.regtrans-ms [2010.09.16 21:49:34 | 000,065,536 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{dceeb2cb-c205-11df-b429-00262d61bd7b}.TM.blf [2010.09.16 19:08:12 | 000,135,168 | RHS- | C] () -- C:\Users\DonGonzales\qiuipu.exe [2010.09.16 08:17:33 | 000,524,288 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TMContainer00000000000000000002.regtrans-ms [2010.09.16 08:17:33 | 000,524,288 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TMContainer00000000000000000001.regtrans-ms [2010.09.16 08:17:33 | 000,065,536 | -HS- | C] () -- C:\Users\DonGonzales\ntuser.dat{77a523cc-c194-11df-a995-00262d61bd7b}.TM.blf [2010.09.14 08:49:11 | 000,000,278 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.08.09 11:26:18 | 000,000,493 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.02.23 12:54:12 | 000,017,408 | ---- | C] () -- C:\Users\DonGonzales\AppData\Local\WebpageIcons.db [2010.01.05 13:04:44 | 000,007,671 | ---- | C] () -- C:\Users\DonGonzales\AppData\Local\resmon.resmoncfg [2009.12.23 18:25:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.05 15:36:23 | 000,001,768 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2009.11.05 07:31:57 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.11.05 07:12:32 | 000,008,308 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log [2009.11.05 07:11:37 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2009.08.22 03:43:39 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico [2009.08.22 01:01:23 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.08.22 01:01:23 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.08.22 01:01:21 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini [2009.08.22 01:01:21 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.08.22 01:01:21 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini [2009.07.13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.19 14:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.06.19 14:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [1997.11.17 10:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll ========== LOP Check ========== [2009.12.24 09:18:30 | 000,000,000 | -HSD | M] -- C:\Users\DonGonzales\AppData\Roaming\.# [2009.12.30 05:36:06 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\DAEMON Tools Lite [2010.03.30 11:04:50 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\Facebook [2009.12.23 17:47:40 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\GameConsole [2009.12.26 08:06:25 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\GHISLER [2010.06.06 15:59:24 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\ICQ [2009.12.23 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\Opera [2009.12.24 07:28:24 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\PowerCinema [2009.12.23 18:00:44 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\SoftDMA [2010.06.06 14:37:38 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\Stardock [2010.02.05 09:07:54 | 000,000,000 | ---D | M] -- C:\Users\DonGonzales\AppData\Roaming\Thunderbird [2010.07.23 08:21:06 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job [2010.08.20 22:08:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.09.18 19:17:20 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.09.18 19:19:25 | 000,000,298 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F < End of report > |
|
20.09.2010, 09:32
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Crypt.XPACK.Gen3 auf win7 64bit systemZitat:
__________________ |
|
21.09.2010, 01:32
| #3 |
| | TR/Crypt.XPACK.Gen3 auf win7 64bit system ich bin mir nich ganz sicher ob du das meinst, aber die virusmeldung von antivir lautet in etwa immer:TR/Crypt.XPACK.Gen3 in C:/Benutzer/Colombia/sbnat.exe gefunden.
__________________falls du was anderes mit pfadangaben meinst spezifiere das doch mal bitte... bin nich so der crack ^^ irgendwie werden in dem Benutzerordner Colombia, was mein aktuelle Userkonto ist immer wieder diverse Dateien erstellt, wenn ich sie lösche sind sie nach ner weile wieder da. merkwürdig ist auch, das alle wechseldatenträger die ich anschliesse zwar angezeigt werden, wenn ich sie öffne werden die unterordner jedoch nur als link angezeigt. wenn ich die links dann öffne, öffnet sich ein neues fenster und ich kann auf die daten zugreifen. problem ist aber, das ich aus anderen programmen nicht auf die daten auf den wechseldatenträgern zugreifen kann, weil sie da nich angezeigt werden. wenn du weitere infos brauchst sag bescheid, auch wenn ich immer mit einigem zeitverzug antworte weil ich in kolumbien bin. grüße gonz |
|
21.09.2010, 10:35
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 auf win7 64bit systemZitat:
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.09.2010, 23:02
| #5 | |
| | TR/Crypt.XPACK.Gen3 auf win7 64bit system Hier das MWB Log Zitat:
|
|
22.09.2010, 11:56
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 auf win7 64bit system CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> TR/Crypt.XPACK.Gen3 auf win7 64bit system |
|
| Themen zu TR/Crypt.XPACK.Gen3 auf win7 64bit system |
| 0 bytes, 64-bit, alternate, antivir, antivir guard, ask toolbar, ask.com, audiograbber, avgntflt.sys, avira, bho, browser, c:\windows\system32\rundll32.exe, combofix, components, conduit, desktop, error, excel, extras.txt, fehler, firefox.exe, flash player, hijack, hijackthis, home premium, iastor.sys, install.exe, installation, jdownloader, launch, local\temp, location, locker, logfile, media center, microsoft office word, mozilla, mozilla thunderbird, mywinlocker, need for speed, office 2007, oldtimer, opera.exe, otl.exe, plug-in, programdata, realtek, registry, safer networking, saver, searchplugins, security, security update, shell32.dll, shortcut, software, sptd.sys, system, syswow64, total commander, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen3, trojaner, usb, usb 2.0, vlc media player, webcheck, win7 64bit, windows |
Textbox.
.
Linear-Darstellung
