| Rockhofener | 02.01.2011 13:25 |
TR/Crypt.XPACK.Gen3 in imezezoc.dll OTL-File ist da!
Hallo und frohes neues Jahr.
Bin ganz neu hier im Forum und hoffe auf eure Unterstützung. Mein Avira hat gefunden:
In der Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\imezezoc.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Hier der OTL-File
Was muss ich tun????OTL Logfile: Code:
OTL logfile created on: 02.01.2011 13:05:34 - Run 1
OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\Jones\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 57,21 Gb Free Space | 39,72% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 71,66 Gb Free Space | 51,01% Space Free | Partition Type: NTFS
Drive H: | 1,83 Gb Total Space | 0,31 Gb Free Space | 16,73% Space Free | Partition Type: FAT
Computer Name: JONES-LAPPY | User Name: Jones | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Jones\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\o2 Verbindungsmanager\BRService.exe (BandRich Inc.)
PRC - C:\Program Files\o2 Verbindungsmanager\CManager.exe (BandRich Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\Jones\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\Jones\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SysHook.dll (Acer Inc.)
========== Win32 Services (SafeList) ==========
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (BandLuxe_Service) -- C:\Program Files\o2 Verbindungsmanager\BRService.exe (BandRich Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (br3gmdm) -- C:\Windows\System32\drivers\br3gmdm.sys (BandRich Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.1und1.de/?ref=EasyLogin
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {E9BD34E2-E513-4215-8ECF-525A63A0ADF9}:1.9.1
FF - prefs.js..extensions.enabledItems: {19F5303C-453A-406D-B0E9-6FFAA07D5F63}:1.9.1
FF - HKLM\software\mozilla\Firefox\Extensions\\{E9BD34E2-E513-4215-8ECF-525A63A0ADF9}: C:\Windows\system32\config\systemprofile\AppData\Local\{E9BD34E2-E513-4215-8ECF-525A63A0ADF9}\ [2010.12.22 12:43:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{19F5303C-453A-406D-B0E9-6FFAA07D5F63}: C:\Users\Jones\AppData\Local\{19F5303C-453A-406D-B0E9-6FFAA07D5F63} [2010.12.23 15:42:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.30 00:29:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.30 00:29:20 | 000,000,000 | ---D | M]
[2010.10.02 15:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\mozilla\Extensions
[2010.10.02 15:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.01.02 03:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\0eoebr5k.default\extensions
[2010.05.02 10:25:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\0eoebr5k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.12 23:31:57 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\0eoebr5k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.02 03:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.04 23:23:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.23 15:42:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JONES\APPDATA\LOCAL\{19F5303C-453A-406D-B0E9-6FFAA07D5F63}
[2010.12.22 12:43:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{E9BD34E2-E513-4215-8ECF-525A63A0ADF9}
[2010.06.04 23:23:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Gsezozabulamufoy] C:\Windows\System32\config\systemprofile\AppData\Local\imezezoc.DLL File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jones\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Transfer\Rockhofener\Jubimaschine\MBAviationImagesRichthofenBandAchtFr.jpg
O24 - Desktop BackupWallPaper: D:\Transfer\Rockhofener\Jubimaschine\MBAviationImagesRichthofenBandAchtFr.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3351f0b8-43a8-11de-a645-00238b6afaa8}\Shell - "" = AutoRun
O33 - MountPoints2\{3351f0b8-43a8-11de-a645-00238b6afaa8}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{3351f0b8-43a8-11de-a645-00238b6afaa8}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe -- File not found
O33 - MountPoints2\{4fe6ea2d-6fb8-11de-aa47-8000600fe800}\Shell\AutoRun\command - "" = I:\Menu.exe -- File not found
O33 - MountPoints2\{832e1beb-8113-11de-ab2e-8000600fe800}\Shell - "" = AutoRun
O33 - MountPoints2\{832e1beb-8113-11de-ab2e-8000600fe800}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b9ecfd7b-50b9-11df-85af-00238b6afaa8}\Shell\AutoRun\command - "" = H:\Menu.exe -- File not found
O33 - MountPoints2\{c6540ced-bff3-11de-b56e-00238b6afaa8}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{cc743eab-c36f-11df-8ff7-00238b6afaa8}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{e3988475-5bc7-11de-8291-8000600fe800}\Shell\AutoRun\command - "" = F:\TrueCrypt\TrueCrypt.exe -- File not found
O33 - MountPoints2\{e3988475-5bc7-11de-8291-8000600fe800}\Shell\dismount\command - "" = F:\TrueCrypt\TrueCrypt.exe -- File not found
O33 - MountPoints2\{e3988475-5bc7-11de-8291-8000600fe800}\Shell\start\command - "" = F:\TrueCrypt\TrueCrypt.exe -- File not found
O33 - MountPoints2\{e8471dd3-9fab-11de-a597-00238b6afaa8}\Shell\AutoRun\command - "" = F:\installer.exe -- File not found
O33 - MountPoints2\{e8471dd3-9fab-11de-a597-00238b6afaa8}\Shell\verb\command - "" = F:\installer.exe -- File not found
O33 - MountPoints2\{e8471ea9-9fab-11de-a597-00238b6afaa8}\Shell - "" = AutoRun
O33 - MountPoints2\{e8471ea9-9fab-11de-a597-00238b6afaa8}\Shell\AutoRun\command - "" = H:\AUTORUN_o2Surfstick.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.12.23 16:09:32 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Video Converter
[2010.12.23 15:42:00 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Local\{19F5303C-453A-406D-B0E9-6FFAA07D5F63}
[2010.12.22 11:48:27 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\AVS4YOU
[2010.12.22 10:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010.12.22 10:40:28 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\AVS4YOU
[2010.12.22 10:34:12 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2010.12.22 10:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2010.12.22 10:32:04 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2010.12.22 10:32:03 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll
[2010.12.22 10:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010.12.22 10:30:55 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010.12.22 10:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010.12.21 21:54:41 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\IMx3SEVer6
[2010.12.21 21:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2010.12.21 20:14:13 | 000,000,000 | ---D | C] -- C:\Users\Jones\Desktop\hochzeitsvideo
[2010.12.17 21:53:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.17 21:53:30 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.17 21:53:30 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.17 21:53:30 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.17 21:53:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.17 21:53:27 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.17 21:53:25 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.17 21:53:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.17 21:53:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.17 21:53:22 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.17 21:53:21 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.17 21:53:19 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.17 21:53:18 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.17 21:53:18 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.17 21:53:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.10 18:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2008.11.28 03:43:27 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2011.01.02 12:59:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.02 11:17:39 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.02 11:17:39 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.02 11:17:39 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.02 11:17:39 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.02 11:13:57 | 000,242,923 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.01.02 11:12:49 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.02 11:12:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 11:12:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 11:12:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.02 11:12:09 | 3215,826,944 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.02 11:06:32 | 000,051,712 | ---- | M] () -- C:\Users\Jones\Desktop\endfassungen.MSWMM
[2011.01.02 10:05:57 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.01.02 08:57:50 | 000,242,923 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.01.01 03:06:00 | 000,000,000 | ---- | M] () -- C:\Users\Jones\AppData\Local\Umuyuteroyow.bin
[2011.01.01 03:05:59 | 000,000,120 | ---- | M] () -- C:\Users\Jones\AppData\Local\Vpoluresiqaquzuw.dat
[2010.12.30 00:29:21 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.12.23 15:36:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.12.22 17:48:14 | 000,229,376 | ---- | M] () -- C:\Users\Jones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.22 10:37:45 | 000,409,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.22 10:34:14 | 000,001,050 | ---- | M] () -- C:\Users\Jones\Desktop\AVS4YOU Software Navigator.lnk
[2010.12.22 10:33:04 | 000,000,958 | ---- | M] () -- C:\Users\Jones\Desktop\AVS Video Editor.lnk
[2010.12.21 19:57:25 | 000,007,592 | ---- | M] () -- C:\Users\Jones\AppData\Local\d3d9caps.dat
[2010.12.13 17:56:26 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010.12.13 17:55:52 | 010,915,840 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll
[2010.12.13 17:55:48 | 010,833,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
========== Files Created - No Company Name ==========
[2011.01.02 11:06:32 | 000,051,712 | ---- | C] () -- C:\Users\Jones\Desktop\endfassungen.MSWMM
[2010.12.30 00:29:21 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.12.23 15:42:10 | 000,000,120 | ---- | C] () -- C:\Users\Jones\AppData\Local\Vpoluresiqaquzuw.dat
[2010.12.23 15:42:10 | 000,000,000 | ---- | C] () -- C:\Users\Jones\AppData\Local\Umuyuteroyow.bin
[2010.12.22 10:34:14 | 000,001,050 | ---- | C] () -- C:\Users\Jones\Desktop\AVS4YOU Software Navigator.lnk
[2010.12.22 10:33:04 | 000,000,958 | ---- | C] () -- C:\Users\Jones\Desktop\AVS Video Editor.lnk
[2010.10.22 09:41:36 | 000,004,096 | -H-- | C] () -- C:\Users\Jones\AppData\Local\keyfile3.drm
[2010.03.19 21:56:48 | 000,126,464 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.10.30 09:45:35 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI
[2009.07.01 16:32:08 | 000,000,110 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini
[2009.07.01 14:32:08 | 000,000,000 | ---- | C] () -- C:\Windows\asym.ini
[2009.06.14 12:36:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.21 14:11:18 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.05.21 14:10:48 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.05.18 14:10:21 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009.05.18 13:32:46 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.05.16 17:36:18 | 000,229,376 | ---- | C] () -- C:\Users\Jones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.16 17:23:41 | 000,242,923 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.16 17:21:50 | 000,242,923 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.16 15:52:06 | 000,003,531 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.05.16 15:10:19 | 000,007,592 | ---- | C] () -- C:\Users\Jones\AppData\Local\d3d9caps.dat
[2008.11.28 03:41:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.27 20:26:09 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.11.27 20:26:09 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.27 19:54:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.11.27 19:45:50 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2009.05.26 20:22:17 | 000,000,000 | -HSD | M] -- C:\Users\Jones\AppData\Roaming\.#
[2009.09.15 17:22:51 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\1&1
[2008.11.27 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Acer GameZone Console
[2009.05.19 14:33:08 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Cakewalk
[2009.05.18 13:32:36 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\DAEMON Tools
[2010.10.12 23:31:56 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.16 17:04:32 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\eSobi
[2009.05.17 13:21:22 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Gaijin Ent
[2011.01.02 09:04:01 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\ICQ
[2009.05.21 14:14:22 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\MAGIX
[2009.05.17 00:17:40 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\PlayFirst
[2009.05.16 17:57:11 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\PowerCinema
[2010.10.02 15:20:37 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\TomTom
[2011.01.02 11:02:14 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
OTL Extras logfile created on: 02.01.2011 13:05:35 - Run 1
OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\Jones\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 57,21 Gb Free Space | 39,72% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 71,66 Gb Free Space | 51,01% Space Free | Partition Type: NTFS
Drive H: | 1,83 Gb Total Space | 0,31 Gb Free Space | 16,73% Space Free | Partition Type: FAT
Computer Name: JONES-LAPPY | User Name: Jones | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A92C121-8F1A-4470-9B67-9A1220E02CDD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1737E145-ACB0-40A0-A89F-360BAAC7BB6B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FF0FB53-EC4A-4F9A-A748-E465BD53FEEE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{24045C1D-C087-4EC8-9AF9-BD09A386CAB3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{245082CD-9204-48BF-9FC6-E4105145DF97}" = lport=138 | protocol=17 | dir=in | app=system |
"{267DCAFE-1F72-47F4-A9A4-196AA2B26AEB}" = lport=139 | protocol=6 | dir=in | app=system |
"{327BDB15-69F5-4D85-97FC-2785467C0307}" = lport=445 | protocol=6 | dir=in | app=system |
"{3BE50DE2-7131-4E7D-A291-EEB80C229503}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3EDC5160-56C4-404C-813E-CDC82863359D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{48A9BF9D-A284-45D2-AAFA-D0CF439BD216}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B07B87B-5493-4725-BF43-335BEF6AC0F3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4F067E97-30FD-4255-807C-3FEFE06DF86B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{622F3E76-F210-4139-AABD-7A59229629BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{687645A4-15D9-49A1-AF7E-95DA1CBE5B3A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{77CB80CF-DB8E-4402-AC4B-4A67CA01A145}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7EE20C2D-898E-45FB-831B-2902433B0412}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83D35944-D3D9-47AD-849B-B77C3A79C434}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86CEB524-4A11-4C9F-944E-2C063EA791EA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{88A5CA96-5E8E-4408-9048-B5A82F748794}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D037BE2-D2A9-42C7-BFE0-1AF59ADFF167}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97FB803A-480B-4441-BFDC-1A59797E0FF9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A1DDD460-8B22-4C26-9B0A-F7C4BCB167B9}" = rport=138 | protocol=17 | dir=out | app=system |
"{A69D25FA-71A3-4805-8101-C76D886B26E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1BB9DAE-5603-4D73-839B-39D78D8052A5}" = lport=137 | protocol=17 | dir=in | app=system |
"{B402C245-4911-46CE-A7C4-9D19125297C5}" = rport=139 | protocol=6 | dir=out | app=system |
"{B5EFFE74-F388-4AAA-987B-9E4F1C895F3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B678A252-E4FB-4DF7-BDCA-AB0D310A0E96}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BC4FB24C-D21E-4796-B762-062D557B3710}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF3A448C-C09F-4EF4-8BBA-00BF27DFB302}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C2358868-28FA-4070-906A-51E67D9F3159}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D09ED56B-E230-47E0-8212-C141CC4D2362}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE9562BC-54FA-46FF-A8DC-F0A5898128DE}" = rport=137 | protocol=17 | dir=out | app=system |
"{F549C83F-4441-439A-A01E-BA204F7BAD83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FBE6F3DF-6E0A-441B-8FCA-3492044D83A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0858ABF2-1850-42D4-B599-C40001E8761B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{086EC653-FA0A-43FA-AF16-462B8014B700}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{08AF89A4-B2B7-48B5-B7B8-4079AB6CC83A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10A81BA1-52AD-4E87-9658-5B10A7E71C1B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{148B3A7E-57B5-4EA4-8308-039A1058130F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{18F17F9D-70AE-4246-AD64-DF8932B34E7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D2699A9-AFA9-45E2-A695-2E93A3A8B4DB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1E957802-7D42-4687-8ADD-3C35B35146A7}" = protocol=6 | dir=out | app=system |
"{21D66CD9-03EF-48BB-9C3B-CEE7133F14AA}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{2978079F-278E-4322-9304-495E4DB48F00}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\bumbastika\counter-strike source\hl2.exe |
"{2ECB4E8B-F80C-49FC-A3F9-11103CAD2E28}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{353917B1-6128-4DBC-BF53-BD5938F4E412}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{3BE5473D-7C67-474F-9BC8-627E6687B9A6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{3D101548-D3E0-4352-9BE3-C3AA5100E30D}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{463440D0-C136-4363-BB4B-6BAE6AAD4B2C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5920254E-3858-4C68-9994-43DF6AEFDA8B}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{5CA7D81D-F69D-4E4A-8E73-0F75E99A62A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{601F1F4B-97D8-4E88-9971-4F614965E0FD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\bumbastika\counter-strike source\hl2.exe |
"{63A800EA-0D37-4543-B83A-896527C3A505}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CEDC1AA-E093-492F-8834-AC8C30ED8A69}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6F1D1B27-7BF8-460D-8D39-D49E26D98EFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7115C579-8AA4-4537-B95E-1613032DF07D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77D3C692-2DB7-4551-9DDF-1E90BD2A4E2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7AAA7D8A-DD25-43B9-A9E7-6C4603F4EA3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86D24BD9-3A52-4A6D-808A-611CF7EA8472}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{8844C102-F83F-40D9-92F3-D9059E3A0A62}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{8CD85602-DA40-46F2-820F-4FADE78CF4CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{940469E4-4C7C-42FE-8827-77B2BC360C22}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{9D171043-D6CB-4413-97F3-FBC1C0B9B607}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DBBAEBE-39B7-4BA8-811B-DAF7BC7508FD}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{A08DFB95-ED70-48AF-9BC8-EBA54A1B280F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A1FD9C47-AA4F-48AD-B523-7C93D99152AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6679CBE-B2B1-43B8-A0F6-57BB4284EEBB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B112C92A-3AFC-4F99-8C03-DF23F6102F9A}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{B2A73551-878A-4751-8521-9F1B07D776C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3A1984D-5A85-4C8E-B933-EBE0E1BDC1C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9DE9609-B655-48BB-A23C-7D89B5297552}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{BC2A7BB4-192A-4E70-B019-2D189DA89F3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BFD6F2B4-AB7D-4190-A596-AFCD1DFFB85B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C1CF9554-9D54-44C7-9F76-FCE849912332}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C7E69E79-1E2D-41E7-A04B-DA852AD406E5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{C8318094-A15F-4BFF-9EA3-A46DBF72B8C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF11998B-8036-4A2C-ABC0-744CFDBB2AB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D05E096C-18EC-4FCD-A856-7A9812963225}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{DAE1FEC5-24BA-4D20-8625-B502565A3151}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA4E213C-9982-4A14-842F-AF09881CC865}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EF5D0301-041E-4139-961D-8E10C5B42D82}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{FA0E3BAB-7B8E-49F6-A8AF-73CA724FFDEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FE035979-3FB6-43AF-B33A-B0C3751E2F06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{070A0E2B-0EE5-4DE3-B4A5-AFAE00DAA864}D:\cs + mods\half-life lan\hl.exe" = protocol=6 | dir=in | app=d:\cs + mods\half-life lan\hl.exe |
"TCP Query User{07736C32-B23E-460B-8942-2B7ABABF46B5}H:\spiele\cs + mods\half-life lan\hl.exe" = protocol=6 | dir=in | app=h:\spiele\cs + mods\half-life lan\hl.exe |
"TCP Query User{0F6EAA3E-0901-4ABF-B28E-41B0930ABB18}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{1E27EBAB-B687-40F5-AD9E-773C2FDB1188}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
"TCP Query User{5601A8C1-8DEA-45FD-B2B8-6A74B350F394}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{6A667FB3-645B-44DF-9B36-5EA0D51AA8C6}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{6E1465E9-619F-4402-B2DC-305853D6A159}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
"TCP Query User{B583BF37-D451-4C39-ABD1-5F167E08F001}C:\users\jones\saved games\cs + mods\half-life lan\hl.exe" = protocol=6 | dir=in | app=c:\users\jones\saved games\cs + mods\half-life lan\hl.exe |
"TCP Query User{D0163312-76E3-4DE3-BD09-85C1CE4171E2}C:\users\jones\saved games\cs + mods\half-life lan\hl.exe" = protocol=6 | dir=in | app=c:\users\jones\saved games\cs + mods\half-life lan\hl.exe |
"TCP Query User{E7E2E446-3D80-499E-805A-2CF3C265963A}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{0C11AE68-AF92-4560-B19C-CD6BD11FB0A1}D:\cs + mods\half-life lan\hl.exe" = protocol=17 | dir=in | app=d:\cs + mods\half-life lan\hl.exe |
"UDP Query User{404C84B8-FFB4-4CA7-9FF4-594D95FA19CD}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
"UDP Query User{57ABBFDC-F00E-4FA9-AB09-7804065805C6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{73AE7C5D-25FD-41F6-8D74-8D75C1FE927C}C:\users\jones\saved games\cs + mods\half-life lan\hl.exe" = protocol=17 | dir=in | app=c:\users\jones\saved games\cs + mods\half-life lan\hl.exe |
"UDP Query User{755F9370-2B21-43CB-9E37-A2C9784D095E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{878E3B6C-A38D-43EB-A330-B5C19444DE45}H:\spiele\cs + mods\half-life lan\hl.exe" = protocol=17 | dir=in | app=h:\spiele\cs + mods\half-life lan\hl.exe |
"UDP Query User{89414AF8-4D0B-4D50-A223-983D5B032F3E}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{AEB7E875-74BD-4B83-92A1-B359534223CF}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{C431D75A-D855-4A80-9A70-65AC2B566A5D}C:\users\jones\saved games\cs + mods\half-life lan\hl.exe" = protocol=17 | dir=in | app=c:\users\jones\saved games\cs + mods\half-life lan\hl.exe |
"UDP Query User{F88CE8AB-D319-471F-A2C7-42268922AB64}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6A5CC193-FA73-4D82-8F33-A33AAD7471E0}" = o2 Verbindungsmanager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C2A05B5-A80C-4F33-A388-51D46790AC9F}" = VAG-COM 311 Deutsch
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EC14056-1A97-11D8-A8F3-0050DA519711}" = VAG-COM 303 Deutsch
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FTDICOMM" = FTDI USB Serial Converter Drivers
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SONAR6Producer_is1" = SONAR 6 Producer Edition
"Steam App 240" = Counter-Strike: Source
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"VentriloMIX" = VentriloMIX
"VLC media player" = VLC media player 0.9.9
"WIB-Wachdienst in der Bundeswehr_is1" = WIB V1.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.12.2010 13:33:39 | Computer Name = Jones-Lappy | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SONARPDR.exe, Version 15.0.0.203, Zeitstempel
0x45058338, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel
0x49e037dd, Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fbae, Prozess-ID 0xe30,
Anwendungsstartzeit 01cb99352b3e6f64.
Error - 15.12.2010 13:07:57 | Computer Name = Jones-Lappy | Source = RasClient | ID = 20227
Description =
Error - 17.12.2010 17:13:47 | Computer Name = Jones-Lappy | Source = WinMgmt | ID = 10
Description =
Error - 17.12.2010 17:13:47 | Computer Name = Jones-Lappy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 17.12.2010 17:13:47 | Computer Name = Jones-Lappy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 17.12.2010 17:15:50 | Computer Name = Jones-Lappy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 18.12.2010 10:16:34 | Computer Name = Jones-Lappy | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SONARPDR.EXE, Version 15.0.0.203, Zeitstempel
0x45058338, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000374, Fehleroffset 0x000afaf8, Prozess-ID 0x142c, Anwendungsstartzeit
01cb9eacc0316fe0.
Error - 20.12.2010 16:38:01 | Computer Name = Jones-Lappy | Source = RasClient | ID = 20227
Description =
Error - 21.12.2010 16:44:06 | Computer Name = Jones-Lappy | Source = VSS | ID = 8194
Description =
Error - 21.12.2010 16:52:55 | Computer Name = Jones-Lappy | Source = VSS | ID = 8194
Description =
[ Media Center Events ]
Error - 12.12.2010 09:00:57 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 34
Description = Ereignisinformationen: Ermittlungsdienst: Unerwarteter Fehler. Der
TV-Programmlistendienst ist zurzeit nicht verfügbar. Wiederholen Sie den Vorgang
später. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 17.12.2010 16:49:21 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 23.12.2010 10:44:53 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 24.12.2010 11:23:54 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3
Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für
das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert
sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain
Objektname:
Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 25.12.2010 06:21:32 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3
Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für
das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert
sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain
Objektname:
Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 25.12.2010 06:23:32 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3
Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für
das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert
sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain
Objektname:
Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 27.12.2010 05:12:51 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3
Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für
das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert
sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain
Objektname:
Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 27.12.2010 14:47:26 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3
Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für
das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert
sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain
Objektname:
Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 28.12.2010 19:17:14 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3
Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für
das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert
sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain
Objektname:
Microsoft.Ehome.Epg.EhepgdatSingleton
Error - 29.12.2010 09:21:23 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3
Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für
das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert
sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain
Objektname:
Microsoft.Ehome.Epg.EhepgdatSingleton
[ OSession Events ]
Error - 16.07.2009 01:47:46 | Computer Name = Jones-Lappy | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 67104 seconds with 11280 seconds of active time. This session ended with
a crash.
[ System Events ]
Error - 24.12.2010 15:12:21 | Computer Name = Jones-Lappy | Source = Service Control Manager | ID = 7009
Description =
Error - 25.12.2010 06:21:32 | Computer Name = Jones-Lappy | Source = DCOM | ID = 10010
Description =
Error - 27.12.2010 05:12:50 | Computer Name = Jones-Lappy | Source = DCOM | ID = 10010
Description =
Error - 27.12.2010 05:24:57 | Computer Name = Jones-Lappy | Source = DCOM | ID = 10005
Description =
Error - 28.12.2010 19:17:14 | Computer Name = Jones-Lappy | Source = DCOM | ID = 10010
Description =
Error - 29.12.2010 09:22:48 | Computer Name = Jones-Lappy | Source = DCOM | ID = 10005
Description =
Error - 29.12.2010 09:46:30 | Computer Name = Jones-Lappy | Source = Service Control Manager | ID = 7011
Description =
Error - 30.12.2010 18:43:59 | Computer Name = Jones-Lappy | Source = Service Control Manager | ID = 7032
Description =
Error - 01.01.2011 21:28:17 | Computer Name = Jones-Lappy | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.01.2011 um 02:26:21 unerwartet heruntergefahren.
Error - 02.01.2011 06:12:29 | Computer Name = Jones-Lappy | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.01.2011 um 11:10:40 unerwartet heruntergefahren.
< End of report >
--- --- --- |
