Trash bin: TR/Crypt.XPACK.Gen3 in imezezoc.dll OTL file is here! (Windows 7)
Posts that violated our rules, posts the world does not need, or other rubbish end up here in the trash bin...
02.01.2011, 13:25 | #1 |
TR/Crypt.XPACK.Gen3 in imezezoc.dll OTL file is here!

Hello and happy new year. I am brand new here in the forum and am hoping for your support.

My Avira found:
In der Datei 'C:\Windows\System32\config\systemprofile\AppData\Local\imezezoc.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern

Here is the OTL file. What do I have to do????

OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.01.2011 13:05:34 - Run 1 OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\Jones\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 57,21 Gb Free Space | 39,72% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 71,66 Gb Free Space | 51,01% Space Free | Partition Type: NTFS Drive H: | 1,83 Gb Total Space | 0,31 Gb Free Space | 16,73% Space Free | Partition Type: FAT Computer Name: JONES-LAPPY | User Name: Jones | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jones\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\o2 Verbindungsmanager\BRService.exe (BandRich Inc.) PRC - C:\Program Files\o2 Verbindungsmanager\CManager.exe (BandRich Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Users\Jones\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) 
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\ACER\Mobility Center\MobilityService.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Jones\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\SysHook.dll (Acer Inc.) ========== Win32 Services (SafeList) ========== SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (BandLuxe_Service) -- C:\Program Files\o2 Verbindungsmanager\BRService.exe (BandRich Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (br3gmdm) -- C:\Windows\System32\drivers\br3gmdm.sys (BandRich Inc.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) 
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) 
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_6930g IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_6930g IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0509&m=aspire_6930g IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.1und1.de/?ref=EasyLogin IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {E9BD34E2-E513-4215-8ECF-525A63A0ADF9}:1.9.1 FF - prefs.js..extensions.enabledItems: {19F5303C-453A-406D-B0E9-6FFAA07D5F63}:1.9.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{E9BD34E2-E513-4215-8ECF-525A63A0ADF9}: C:\Windows\system32\config\systemprofile\AppData\Local\{E9BD34E2-E513-4215-8ECF-525A63A0ADF9}\ [2010.12.22 12:43:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{19F5303C-453A-406D-B0E9-6FFAA07D5F63}: C:\Users\Jones\AppData\Local\{19F5303C-453A-406D-B0E9-6FFAA07D5F63} [2010.12.23 15:42:00 | 000,000,000 | 
---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.30 00:29:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.30 00:29:20 | 000,000,000 | ---D | M] [2010.10.02 15:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\mozilla\Extensions [2010.10.02 15:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.01.02 03:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\0eoebr5k.default\extensions [2010.05.02 10:25:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\0eoebr5k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.12 23:31:57 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jones\AppData\Roaming\mozilla\Firefox\Profiles\0eoebr5k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.01.02 03:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.06.04 23:23:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.12.23 15:42:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JONES\APPDATA\LOCAL\{19F5303C-453A-406D-B0E9-6FFAA07D5F63} [2010.12.22 12:43:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\{E9BD34E2-E513-4215-8ECF-525A63A0ADF9} [2010.06.04 23:23:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [Gsezozabulamufoy] C:\Windows\System32\config\systemprofile\AppData\Local\imezezoc.DLL File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Jones\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\Transfer\Rockhofener\Jubimaschine\MBAviationImagesRichthofenBandAchtFr.jpg O24 - Desktop BackupWallPaper: D:\Transfer\Rockhofener\Jubimaschine\MBAviationImagesRichthofenBandAchtFr.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3351f0b8-43a8-11de-a645-00238b6afaa8}\Shell - "" = AutoRun O33 - MountPoints2\{3351f0b8-43a8-11de-a645-00238b6afaa8}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe -- File not found O33 - MountPoints2\{3351f0b8-43a8-11de-a645-00238b6afaa8}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe -- File not found O33 - MountPoints2\{4fe6ea2d-6fb8-11de-aa47-8000600fe800}\Shell\AutoRun\command - "" = I:\Menu.exe -- File not found O33 - MountPoints2\{832e1beb-8113-11de-ab2e-8000600fe800}\Shell - "" = AutoRun O33 - MountPoints2\{832e1beb-8113-11de-ab2e-8000600fe800}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{b9ecfd7b-50b9-11df-85af-00238b6afaa8}\Shell\AutoRun\command - "" = H:\Menu.exe -- File not found O33 - 
MountPoints2\{c6540ced-bff3-11de-b56e-00238b6afaa8}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe -- File not found O33 - MountPoints2\{cc743eab-c36f-11df-8ff7-00238b6afaa8}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\{e3988475-5bc7-11de-8291-8000600fe800}\Shell\AutoRun\command - "" = F:\TrueCrypt\TrueCrypt.exe -- File not found O33 - MountPoints2\{e3988475-5bc7-11de-8291-8000600fe800}\Shell\dismount\command - "" = F:\TrueCrypt\TrueCrypt.exe -- File not found O33 - MountPoints2\{e3988475-5bc7-11de-8291-8000600fe800}\Shell\start\command - "" = F:\TrueCrypt\TrueCrypt.exe -- File not found O33 - MountPoints2\{e8471dd3-9fab-11de-a597-00238b6afaa8}\Shell\AutoRun\command - "" = F:\installer.exe -- File not found O33 - MountPoints2\{e8471dd3-9fab-11de-a597-00238b6afaa8}\Shell\verb\command - "" = F:\installer.exe -- File not found O33 - MountPoints2\{e8471ea9-9fab-11de-a597-00238b6afaa8}\Shell - "" = AutoRun O33 - MountPoints2\{e8471ea9-9fab-11de-a597-00238b6afaa8}\Shell\AutoRun\command - "" = H:\AUTORUN_o2Surfstick.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.23 16:09:32 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Video Converter [2010.12.23 15:42:00 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Local\{19F5303C-453A-406D-B0E9-6FFAA07D5F63} [2010.12.22 11:48:27 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\AVS4YOU [2010.12.22 10:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2010.12.22 10:40:28 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\AVS4YOU [2010.12.22 10:34:12 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\AVS4YOU [2010.12.22 10:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2010.12.22 10:32:04 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll [2010.12.22 10:32:03 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll [2010.12.22 10:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia [2010.12.22 10:30:55 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll [2010.12.22 10:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU [2010.12.21 21:54:41 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\IMx3SEVer6 [2010.12.21 21:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA [2010.12.21 20:14:13 | 000,000,000 | ---D | C] -- C:\Users\Jones\Desktop\hochzeitsvideo [2010.12.17 21:53:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.17 21:53:30 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.17 21:53:30 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.17 21:53:30 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.17 21:53:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.17 21:53:27 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.17 21:53:25 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.17 21:53:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.12.17 21:53:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.17 21:53:22 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.17 21:53:21 | 000,471,040 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msfeeds.dll [2010.12.17 21:53:19 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.17 21:53:18 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.12.17 21:53:18 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.17 21:53:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.12.10 18:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2008.11.28 03:43:27 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.01.02 12:59:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.02 11:17:39 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.02 11:17:39 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.02 11:17:39 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.02 11:17:39 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.02 11:13:57 | 000,242,923 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.01.02 11:12:49 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.02 11:12:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.02 11:12:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.02 11:12:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.02 11:12:09 | 3215,826,944 | -HS- | M] () -- C:\hiberfil.sys [2011.01.02 11:06:32 | 000,051,712 | ---- | M] () -- C:\Users\Jones\Desktop\endfassungen.MSWMM [2011.01.02 10:05:57 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.01.02 08:57:50 | 000,242,923 | ---- | M] () -- 
C:\ProgramData\nvModes.dat [2011.01.01 03:06:00 | 000,000,000 | ---- | M] () -- C:\Users\Jones\AppData\Local\Umuyuteroyow.bin [2011.01.01 03:05:59 | 000,000,120 | ---- | M] () -- C:\Users\Jones\AppData\Local\Vpoluresiqaquzuw.dat [2010.12.30 00:29:21 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.12.23 15:36:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010.12.22 17:48:14 | 000,229,376 | ---- | M] () -- C:\Users\Jones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.22 10:37:45 | 000,409,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.22 10:34:14 | 000,001,050 | ---- | M] () -- C:\Users\Jones\Desktop\AVS4YOU Software Navigator.lnk [2010.12.22 10:33:04 | 000,000,958 | ---- | M] () -- C:\Users\Jones\Desktop\AVS Video Editor.lnk [2010.12.21 19:57:25 | 000,007,592 | ---- | M] () -- C:\Users\Jones\AppData\Local\d3d9caps.dat [2010.12.13 17:56:26 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll [2010.12.13 17:55:52 | 010,915,840 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll [2010.12.13 17:55:48 | 010,833,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll ========== Files Created - No Company Name ========== [2011.01.02 11:06:32 | 000,051,712 | ---- | C] () -- C:\Users\Jones\Desktop\endfassungen.MSWMM [2010.12.30 00:29:21 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.12.23 15:42:10 | 000,000,120 | ---- | C] () -- C:\Users\Jones\AppData\Local\Vpoluresiqaquzuw.dat [2010.12.23 15:42:10 | 000,000,000 | ---- | C] () -- C:\Users\Jones\AppData\Local\Umuyuteroyow.bin [2010.12.22 10:34:14 | 000,001,050 | ---- | C] () -- C:\Users\Jones\Desktop\AVS4YOU Software Navigator.lnk [2010.12.22 10:33:04 | 000,000,958 | ---- | C] () -- C:\Users\Jones\Desktop\AVS Video Editor.lnk [2010.10.22 09:41:36 | 000,004,096 | -H-- | C] () -- C:\Users\Jones\AppData\Local\keyfile3.drm [2010.03.19 
21:56:48 | 000,126,464 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009.10.30 09:45:35 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI [2009.07.01 16:32:08 | 000,000,110 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini [2009.07.01 14:32:08 | 000,000,000 | ---- | C] () -- C:\Windows\asym.ini [2009.06.14 12:36:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.21 14:11:18 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.05.21 14:10:48 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.05.18 14:10:21 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2009.05.18 13:32:46 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.05.16 17:36:18 | 000,229,376 | ---- | C] () -- C:\Users\Jones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.16 17:23:41 | 000,242,923 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.05.16 17:21:50 | 000,242,923 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.05.16 15:52:06 | 000,003,531 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2009.05.16 15:10:19 | 000,007,592 | ---- | C] () -- C:\Users\Jones\AppData\Local\d3d9caps.dat [2008.11.28 03:41:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.11.27 20:26:09 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.11.27 20:26:09 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.11.27 19:54:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.11.27 19:45:50 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | 
---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.05.26 20:22:17 | 000,000,000 | -HSD | M] -- C:\Users\Jones\AppData\Roaming\.# [2009.09.15 17:22:51 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\1&1 [2008.11.27 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Acer GameZone Console [2009.05.19 14:33:08 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Cakewalk [2009.05.18 13:32:36 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\DAEMON Tools [2010.10.12 23:31:56 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\DVDVideoSoftIEHelpers [2009.05.16 17:04:32 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\eSobi [2009.05.17 13:21:22 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Gaijin Ent [2011.01.02 09:04:01 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\ICQ [2009.05.21 14:14:22 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\MAGIX [2009.05.17 00:17:40 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\PlayFirst [2009.05.16 17:57:11 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\PowerCinema [2010.10.02 15:20:37 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\TomTom [2011.01.02 11:02:14 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== OTL Extras logfile created on: 02.01.2011 13:05:35 - Run 1 OTL by OldTimer - Version 3.2.20.0 Folder = C:\Users\Jones\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free Paging 
file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 57,21 Gb Free Space | 39,72% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 71,66 Gb Free Space | 51,01% Space Free | Partition Type: NTFS Drive H: | 1,83 Gb Total Space | 0,31 Gb Free Space | 16,73% Space Free | Partition Type: FAT Computer Name: JONES-LAPPY | User Name: Jones | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A92C121-8F1A-4470-9B67-9A1220E02CDD}" = lport=2869 | protocol=6 | dir=in | app=system | "{1737E145-ACB0-40A0-A89F-360BAAC7BB6B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1FF0FB53-EC4A-4F9A-A748-E465BD53FEEE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{24045C1D-C087-4EC8-9AF9-BD09A386CAB3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{245082CD-9204-48BF-9FC6-E4105145DF97}" = lport=138 | protocol=17 | dir=in | app=system | "{267DCAFE-1F72-47F4-A9A4-196AA2B26AEB}" = lport=139 | protocol=6 | dir=in | app=system | "{327BDB15-69F5-4D85-97FC-2785467C0307}" = lport=445 | protocol=6 | dir=in | app=system | "{3BE50DE2-7131-4E7D-A291-EEB80C229503}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{3EDC5160-56C4-404C-813E-CDC82863359D}" = lport=2869 | protocol=6 | dir=in | app=system | "{48A9BF9D-A284-45D2-AAFA-D0CF439BD216}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4B07B87B-5493-4725-BF43-335BEF6AC0F3}" = rport=10243 | protocol=6 | dir=out | app=system | "{4F067E97-30FD-4255-807C-3FEFE06DF86B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{622F3E76-F210-4139-AABD-7A59229629BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{687645A4-15D9-49A1-AF7E-95DA1CBE5B3A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{77CB80CF-DB8E-4402-AC4B-4A67CA01A145}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{7EE20C2D-898E-45FB-831B-2902433B0412}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{83D35944-D3D9-47AD-849B-B77C3A79C434}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{86CEB524-4A11-4C9F-944E-2C063EA791EA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{88A5CA96-5E8E-4408-9048-B5A82F748794}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8D037BE2-D2A9-42C7-BFE0-1AF59ADFF167}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{97FB803A-480B-4441-BFDC-1A59797E0FF9}" = lport=10243 | protocol=6 | dir=in | app=system | "{A1DDD460-8B22-4C26-9B0A-F7C4BCB167B9}" = rport=138 | protocol=17 | dir=out | app=system | "{A69D25FA-71A3-4805-8101-C76D886B26E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B1BB9DAE-5603-4D73-839B-39D78D8052A5}" = lport=137 | protocol=17 | dir=in | app=system | "{B402C245-4911-46CE-A7C4-9D19125297C5}" = rport=139 | protocol=6 | dir=out | app=system | "{B5EFFE74-F388-4AAA-987B-9E4F1C895F3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B678A252-E4FB-4DF7-BDCA-AB0D310A0E96}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BC4FB24C-D21E-4796-B762-062D557B3710}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BF3A448C-C09F-4EF4-8BBA-00BF27DFB302}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C2358868-28FA-4070-906A-51E67D9F3159}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D09ED56B-E230-47E0-8212-C141CC4D2362}" = 
rport=445 | protocol=6 | dir=out | app=system | "{EE9562BC-54FA-46FF-A8DC-F0A5898128DE}" = rport=137 | protocol=17 | dir=out | app=system | "{F549C83F-4441-439A-A01E-BA204F7BAD83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{FBE6F3DF-6E0A-441B-8FCA-3492044D83A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0858ABF2-1850-42D4-B599-C40001E8761B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{086EC653-FA0A-43FA-AF16-462B8014B700}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{08AF89A4-B2B7-48B5-B7B8-4079AB6CC83A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{10A81BA1-52AD-4E87-9658-5B10A7E71C1B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{148B3A7E-57B5-4EA4-8308-039A1058130F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{18F17F9D-70AE-4246-AD64-DF8932B34E7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D2699A9-AFA9-45E2-A695-2E93A3A8B4DB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{1E957802-7D42-4687-8ADD-3C35B35146A7}" = protocol=6 | dir=out | app=system | "{21D66CD9-03EF-48BB-9C3B-CEE7133F14AA}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{2978079F-278E-4322-9304-495E4DB48F00}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\bumbastika\counter-strike source\hl2.exe | "{2ECB4E8B-F80C-49FC-A3F9-11103CAD2E28}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{353917B1-6128-4DBC-BF53-BD5938F4E412}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe 
| "{3BE5473D-7C67-474F-9BC8-627E6687B9A6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{3D101548-D3E0-4352-9BE3-C3AA5100E30D}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{463440D0-C136-4363-BB4B-6BAE6AAD4B2C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{5920254E-3858-4C68-9994-43DF6AEFDA8B}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | "{5CA7D81D-F69D-4E4A-8E73-0F75E99A62A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{601F1F4B-97D8-4E88-9971-4F614965E0FD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\bumbastika\counter-strike source\hl2.exe | "{63A800EA-0D37-4543-B83A-896527C3A505}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6CEDC1AA-E093-492F-8834-AC8C30ED8A69}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6F1D1B27-7BF8-460D-8D39-D49E26D98EFD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7115C579-8AA4-4537-B95E-1613032DF07D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{77D3C692-2DB7-4551-9DDF-1E90BD2A4E2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7AAA7D8A-DD25-43B9-A9E7-6C4603F4EA3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{86D24BD9-3A52-4A6D-808A-611CF7EA8472}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{8844C102-F83F-40D9-92F3-D9059E3A0A62}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{8CD85602-DA40-46F2-820F-4FADE78CF4CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{940469E4-4C7C-42FE-8827-77B2BC360C22}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{9D171043-D6CB-4413-97F3-FBC1C0B9B607}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{9DBBAEBE-39B7-4BA8-811B-DAF7BC7508FD}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{A08DFB95-ED70-48AF-9BC8-EBA54A1B280F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{A1FD9C47-AA4F-48AD-B523-7C93D99152AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A6679CBE-B2B1-43B8-A0F6-57BB4284EEBB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B112C92A-3AFC-4F99-8C03-DF23F6102F9A}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{B2A73551-878A-4751-8521-9F1B07D776C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B3A1984D-5A85-4C8E-B933-EBE0E1BDC1C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B9DE9609-B655-48BB-A23C-7D89B5297552}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{BC2A7BB4-192A-4E70-B019-2D189DA89F3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BFD6F2B4-AB7D-4190-A596-AFCD1DFFB85B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{C1CF9554-9D54-44C7-9F76-FCE849912332}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{C7E69E79-1E2D-41E7-A04B-DA852AD406E5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{C8318094-A15F-4BFF-9EA3-A46DBF72B8C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CF11998B-8036-4A2C-ABC0-744CFDBB2AB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D05E096C-18EC-4FCD-A856-7A9812963225}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | "{DAE1FEC5-24BA-4D20-8625-B502565A3151}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA4E213C-9982-4A14-842F-AF09881CC865}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EF5D0301-041E-4139-961D-8E10C5B42D82}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{FA0E3BAB-7B8E-49F6-A8AF-73CA724FFDEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FE035979-3FB6-43AF-B33A-B0C3751E2F06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{070A0E2B-0EE5-4DE3-B4A5-AFAE00DAA864}D:\cs + mods\half-life lan\hl.exe" = protocol=6 | dir=in | app=d:\cs + mods\half-life lan\hl.exe | "TCP Query User{07736C32-B23E-460B-8942-2B7ABABF46B5}H:\spiele\cs + mods\half-life lan\hl.exe" = protocol=6 | dir=in | app=h:\spiele\cs + mods\half-life lan\hl.exe | "TCP Query User{0F6EAA3E-0901-4ABF-B28E-41B0930ABB18}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{1E27EBAB-B687-40F5-AD9E-773C2FDB1188}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | "TCP Query User{5601A8C1-8DEA-45FD-B2B8-6A74B350F394}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{6A667FB3-645B-44DF-9B36-5EA0D51AA8C6}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{6E1465E9-619F-4402-B2DC-305853D6A159}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | "TCP Query User{B583BF37-D451-4C39-ABD1-5F167E08F001}C:\users\jones\saved games\cs + mods\half-life lan\hl.exe" = protocol=6 | dir=in | app=c:\users\jones\saved games\cs + mods\half-life 
lan\hl.exe | "TCP Query User{D0163312-76E3-4DE3-BD09-85C1CE4171E2}C:\users\jones\saved games\cs + mods\half-life lan\hl.exe" = protocol=6 | dir=in | app=c:\users\jones\saved games\cs + mods\half-life lan\hl.exe | "TCP Query User{E7E2E446-3D80-499E-805A-2CF3C265963A}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | "UDP Query User{0C11AE68-AF92-4560-B19C-CD6BD11FB0A1}D:\cs + mods\half-life lan\hl.exe" = protocol=17 | dir=in | app=d:\cs + mods\half-life lan\hl.exe | "UDP Query User{404C84B8-FFB4-4CA7-9FF4-594D95FA19CD}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | "UDP Query User{57ABBFDC-F00E-4FA9-AB09-7804065805C6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{73AE7C5D-25FD-41F6-8D74-8D75C1FE927C}C:\users\jones\saved games\cs + mods\half-life lan\hl.exe" = protocol=17 | dir=in | app=c:\users\jones\saved games\cs + mods\half-life lan\hl.exe | "UDP Query User{755F9370-2B21-43CB-9E37-A2C9784D095E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{878E3B6C-A38D-43EB-A330-B5C19444DE45}H:\spiele\cs + mods\half-life lan\hl.exe" = protocol=17 | dir=in | app=h:\spiele\cs + mods\half-life lan\hl.exe | "UDP Query User{89414AF8-4D0B-4D50-A223-983D5B032F3E}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{AEB7E875-74BD-4B83-92A1-B359534223CF}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | "UDP Query User{C431D75A-D855-4A80-9A70-65AC2B566A5D}C:\users\jones\saved games\cs + mods\half-life lan\hl.exe" = protocol=17 | dir=in | app=c:\users\jones\saved 
games\cs + mods\half-life lan\hl.exe | "UDP Query User{F88CE8AB-D319-471F-A2C7-42268922AB64}C:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works 
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6A5CC193-FA73-4D82-8F33-A33AAD7471E0}" = o2 Verbindungsmanager "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C2A05B5-A80C-4F33-A388-51D46790AC9F}" = VAG-COM 311 Deutsch "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = 
Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9EC14056-1A97-11D8-A8F3-0050DA519711}" = VAG-COM 303 Deutsch "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET 
Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor_is1" = AVS Video Editor 5 "AVS Video Recorder_is1" = AVS Video Recorder 2.4 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free YouTube Download_is1" = Free YouTube Download 2.10 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "FTDICOMM" = FTDI USB Serial Converter Drivers "GridVista" = Acer GridVista "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" 
= Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "LManager" = Launch Manager "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "SONAR6Producer_is1" = SONAR 6 Producer Edition "Steam App 240" = Counter-Strike: Source "SynTPDeinstKey" = Synaptics Pointing Device Driver "TomTom HOME" = TomTom HOME 2.7.6.2056 "Uninstall_is1" = Uninstall 1.0.0.1 "VentriloMIX" = VentriloMIX "VLC media player" = VLC media player 0.9.9 "WIB-Wachdienst in der Bundeswehr_is1" = WIB V1.0 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinZip" = WinZip ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.12.2010 13:33:39 | Computer Name = Jones-Lappy | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SONARPDR.exe, Version 15.0.0.203, Zeitstempel 0x45058338, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037dd, Ausnahmecode 0xe06d7363, Fehleroffset 0x0003fbae, Prozess-ID 0xe30, Anwendungsstartzeit 01cb99352b3e6f64. 
Error - 15.12.2010 13:07:57 | Computer Name = Jones-Lappy | Source = RasClient | ID = 20227 Description = Error - 17.12.2010 17:13:47 | Computer Name = Jones-Lappy | Source = WinMgmt | ID = 10 Description = Error - 17.12.2010 17:13:47 | Computer Name = Jones-Lappy | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.12.2010 17:13:47 | Computer Name = Jones-Lappy | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.12.2010 17:15:50 | Computer Name = Jones-Lappy | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.12.2010 10:16:34 | Computer Name = Jones-Lappy | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SONARPDR.EXE, Version 15.0.0.203, Zeitstempel 0x45058338, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000374, Fehleroffset 0x000afaf8, Prozess-ID 0x142c, Anwendungsstartzeit 01cb9eacc0316fe0. Error - 20.12.2010 16:38:01 | Computer Name = Jones-Lappy | Source = RasClient | ID = 20227 Description = Error - 21.12.2010 16:44:06 | Computer Name = Jones-Lappy | Source = VSS | ID = 8194 Description = Error - 21.12.2010 16:52:55 | Computer Name = Jones-Lappy | Source = VSS | ID = 8194 Description = [ Media Center Events ] Error - 12.12.2010 09:00:57 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 34 Description = Ereignisinformationen: Ermittlungsdienst: Unerwarteter Fehler. Der TV-Programmlistendienst ist zurzeit nicht verfügbar. Wiederholen Sie den Vorgang später. 
Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton Error - 17.12.2010 16:49:21 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 23.12.2010 10:44:53 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 24.12.2010 11:23:54 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3 Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton Error - 25.12.2010 06:21:32 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3 Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton Error - 25.12.2010 06:23:32 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3 Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. 
Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton Error - 27.12.2010 05:12:51 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3 Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton Error - 27.12.2010 14:47:26 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3 Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton Error - 28.12.2010 19:17:14 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3 Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton Error - 29.12.2010 09:21:23 | Computer Name = Jones-Lappy | Source = Media Center Guide | ID = 3 Description = Ereignisinformationen: Fehler beim Starten des Downloadvorgangs für das TV-Programm. Der intelligente Hintergrundübertragungsdienst (BITS) muss installiert sein. Weitere Informationen finden Sie im Hilfe- und Supportcenter. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton [ OSession Events ] Error - 16.07.2009 01:47:46 | Computer Name = Jones-Lappy | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. 
This session lasted 67104 seconds with 11280 seconds of active time. This session ended with a crash. [ System Events ] Error - 24.12.2010 15:12:21 | Computer Name = Jones-Lappy | Source = Service Control Manager | ID = 7009 Description = Error - 25.12.2010 06:21:32 | Computer Name = Jones-Lappy | Source = DCOM | ID = 10010 Description = Error - 27.12.2010 05:12:50 | Computer Name = Jones-Lappy | Source = DCOM | ID = 10010 Description = Error - 27.12.2010 05:24:57 | Computer Name = Jones-Lappy | Source = DCOM | ID = 10005 Description = Error - 28.12.2010 19:17:14 | Computer Name = Jones-Lappy | Source = DCOM | ID = 10010 Description = Error - 29.12.2010 09:22:48 | Computer Name = Jones-Lappy | Source = DCOM | ID = 10005 Description = Error - 29.12.2010 09:46:30 | Computer Name = Jones-Lappy | Source = Service Control Manager | ID = 7011 Description = Error - 30.12.2010 18:43:59 | Computer Name = Jones-Lappy | Source = Service Control Manager | ID = 7032 Description = Error - 01.01.2011 21:28:17 | Computer Name = Jones-Lappy | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 02.01.2011 um 02:26:21 unerwartet heruntergefahren. Error - 02.01.2011 06:12:29 | Computer Name = Jones-Lappy | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 02.01.2011 um 11:10:40 unerwartet heruntergefahren. < End of report > |
10.01.2011, 17:22 | #2 |
/// Selecta Jahrusso | TR/Crypt.XPACK.Gen3 in imezezoc.dll, OTL file is here! This thread continues here: http://www.trojaner-board.de/94375-a...zezoc-dll.html