Log analysis and evaluation: Problem with CTV****.exe malware/worm
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.07.2010, 04:05 | #1 |
Problem with CTV****.exe malware/worm

Hello everyone,

since yesterday evening I have been having problems with avast! pop-ups reporting malware in the Temp folder. The name of the .exe is always of the form CTV****.exe, where the **** stand for numbers. Even after an intensive scan the problem does not seem to be fixed, which is why I am now turning to you. Following the instructions, I am attaching the reports from Malwarebytes Anti-Malware and OTL. I have already run CCleaner.

Code:
Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4339

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.07.2010 04:43:50
mbam-log-2010-07-23 (04-43-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129821
Laufzeit: 5 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
OTL logfile created on: 23.07.2010 04:46:40 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\Users\****\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): e:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 10,48 Gb Free Space | 35,77% Space Free | Partition Type: NTFS
Drive D: | 170,51 Gb Total Space | 118,70 Gb Free Space | 69,62% Space Free | Partition Type: NTFS
Drive E: | 396,37 Gb Total Space | 71,21 Gb Free Space | 17,96% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST-PC
Current User Name: ****
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - E:\Users\****\Desktop\0.8075334254641203.exe File not found PRC - E:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Opera\opera.exe (Opera Software) PRC - D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - E:\NM Monitor\nmmonitor.exe () PRC - D:\Avast4\ashDisp.exe (ALWIL Software) PRC - D:\Avast4\ashServ.exe (ALWIL Software) PRC - D:\Avast4\ashWebSv.exe (ALWIL Software) PRC - D:\Avast4\ashSimpl.exe (ALWIL Software) PRC - D:\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - D:\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - E:\Users\****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation) SRV:64bit: - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation) SRV:64bit: - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - 
(AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- D:\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- D:\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- D:\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- D:\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (NMSAccessU) -- D:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfsync02.sys File not found DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys File not found DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys File not found DRV:64bit: - (hwinterface) -- C:\Windows\SysNative\Drivers\hwinterface.sys File not found DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL File not found DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL 
File not found DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL File not found DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (hidusbf) -- C:\Windows\SysNative\drivers\hidusbf.sys (SweetLow) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SPC1330) USB2.0 PC Camera (SPC1330) -- C:\Windows\SysNative\drivers\spc1330.sys () DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (phaudlwr) -- C:\Windows\SysNative\drivers\phaudlwr.sys (Philips Applied Technologies) DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.) 
DRV - (hwinterface) -- C:\Windows\SysWOW64\drivers\hwinterface.sys (Buzz) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 95 63 43 DA AC CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "h**p://tv.esl.eu/de/" FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.05.29 00:59:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: D:\Mozilla Firefox\components [2010.07.22 18:40:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.07.22 18:40:52 | 000,000,000 | ---D | M] [2010.05.24 21:12:59 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\mozilla\Extensions [2010.05.24 21:12:59 | 000,000,000 | ---D | M] (No name found) -- E:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.02.10 14:37:52 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\qbn47nrx.default\extensions O1 HOSTS File: ([2010.07.23 03:03:53 | 000,414,814 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 
w*w.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 w*w.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 w*w.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 w*w.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 w*w.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 w*w.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 w*w.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 w*w.100888290cs.com O1 - Hosts: 127.0.0.1 w*w.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 w*w.10sek.com O1 - Hosts: 127.0.0.1 w*w.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14321 more lines... O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [AsioReg] File not found O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [avast!] D:\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VolPanel] D:\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [NM Monitor] E:\NM Monitor\nmmonitor.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} h**p://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 
1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} h**p://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{30caa2d8-67e8-11df-a4ab-00ff01000001}\Shell - "" = AutoRun O33 - MountPoints2\{30caa2d8-67e8-11df-a4ab-00ff01000001}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found O33 - MountPoints2\{336ec7f0-d6aa-11de-be90-00241dd5f11a}\Shell - "" = AutoRun O33 - MountPoints2\{336ec7f0-d6aa-11de-be90-00241dd5f11a}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found O33 - MountPoints2\{e53743bf-d57a-11de-8cdf-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e53743bf-d57a-11de-8cdf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.23 04:37:58 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Roaming\Malwarebytes [2010.07.23 04:37:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.07.23 04:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.23 04:37:49 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.07.23 04:36:28 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- E:\Users\****\Desktop\mbam-setup.exe [2010.07.23 04:36:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- E:\Users\****\Desktop\OTL.exe [2010.07.23 03:26:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.07.23 03:12:12 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Local\Sunbelt Software [2010.07.23 03:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.07.23 03:11:46 | 000,000,000 
| ---D | C] -- C:\Program Files (x86)\Lavasoft [2010.07.23 02:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.07.20 23:54:12 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Roaming\foobar2000 [2010.07.18 01:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.07.18 01:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2010.07.18 01:54:38 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies [2010.07.18 01:54:05 | 000,000,000 | ---D | C] -- C:\ATI [2010.07.17 23:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2010.07.17 00:15:15 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe [2010.07.17 00:08:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative [2010.07.14 12:00:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010.07.13 14:08:29 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\Immersion [2010.07.12 01:33:25 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Roaming\vlc [2010.07.11 23:51:50 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\oggy [2010.07.11 23:38:19 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\Biber [2010.07.09 19:39:50 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\n!takken [2010.06.29 20:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2010.06.26 17:58:33 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\Anne [2010.06.23 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010.06.23 16:00:46 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2010.06.23 16:00:46 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010.06.23 16:00:46 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2010.06.23 16:00:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\PresentationHost.exe [2010.06.23 16:00:46 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2010.06.23 16:00:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010.06.23 16:00:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010.06.23 16:00:46 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2010.06.23 16:00:39 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2010.06.23 16:00:38 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010.06.23 16:00:38 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010.06.23 16:00:38 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2010.06.23 16:00:37 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010.06.23 16:00:37 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010.06.23 16:00:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010.06.23 16:00:37 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2009.07.14 01:30:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.23 04:49:32 | 007,340,032 | -HS- | M] () -- E:\Users\****\NTUSER.DAT [2010.07.23 04:42:31 | 000,000,082 | ---- | M] () -- E:\Users\****\Documents\cc_20100723_044230.reg [2010.07.23 04:41:42 | 000,008,094 | ---- | M] () -- E:\Users\****\Documents\cc_20100723_044139.reg [2010.07.23 04:36:31 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- E:\Users\****\Desktop\mbam-setup.exe [2010.07.23 04:36:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- 
E:\Users\****\Desktop\OTL.exe [2010.07.23 03:47:41 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.07.23 03:47:41 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.07.23 03:47:41 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.07.23 03:47:41 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.07.23 03:47:41 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.07.23 03:46:53 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.23 03:46:53 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.23 03:42:16 | 000,002,996 | ---- | M] (Buzz) -- C:\Windows\SysWow64\drivers\hwinterface.sys [2010.07.23 03:41:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.23 03:41:33 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010.07.23 03:41:06 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.07.23 03:41:06 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.07.23 03:41:06 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.07.23 03:40:59 | 004,108,618 | -H-- | M] () -- E:\Users\****\AppData\Local\IconCache.db [2010.07.23 03:24:48 | 000,000,004 | -H-- | M] () -- C:\aaw7boot.cmd [2010.07.23 03:22:37 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.07.23 03:03:53 | 000,414,814 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.07.20 03:32:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.20 03:32:13 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm [2010.07.20 
03:32:13 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm [2010.07.17 23:51:31 | 000,065,208 | ---- | M] () -- E:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT [2010.07.17 23:51:05 | 005,016,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.07.17 23:02:57 | 000,002,166 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230256.reg [2010.07.17 23:02:48 | 000,001,572 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230246.reg [2010.07.17 23:02:39 | 000,002,848 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230237.reg [2010.07.17 23:02:31 | 000,016,626 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230228.reg [2010.07.17 23:00:24 | 000,000,029 | ---- | M] () -- C:\Windows\sfbm.INI [2010.07.17 00:07:50 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc [2010.07.16 23:45:08 | 000,001,836 | ---- | M] () -- E:\Users\****\Documents\cc_20100716_234505.reg [2010.07.16 23:33:58 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak [2010.07.16 23:33:57 | 000,383,592 | RHS- | M] () -- C:\gdrop [2010.07.16 23:33:57 | 000,171,136 | RHS- | M] () -- C:\xeldr [2010.07.14 20:40:47 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2010.07.14 20:40:47 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2010.07.12 01:31:40 | 000,015,738 | ---- | M] () -- E:\Users\****\Documents\cc_20100712_013138.reg [2010.07.12 01:31:31 | 000,040,898 | ---- | M] () -- E:\Users\****\Documents\cc_20100712_013128.reg [2010.07.04 22:42:02 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2010.07.04 19:50:55 | 209,736,827 | ---- | M] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_167_H264.mp4 [2010.07.04 16:47:29 | 000,007,808 | ---- | M] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys [2010.06.29 20:57:53 | 209,541,232 | ---- | M] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_166_H264.mp4 [2010.06.26 21:55:24 | 000,005,142 | ---- | M] () -- E:\Users\****\Documents\cc_20100626_215519.reg 
[2010.06.24 00:12:04 | 000,003,636 | ---- | M] () -- E:\Users\****\Documents\cc_20100624_001200.reg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.23 04:42:31 | 000,000,082 | ---- | C] () -- E:\Users\****\Documents\cc_20100723_044230.reg [2010.07.23 04:41:41 | 000,008,094 | ---- | C] () -- E:\Users\****\Documents\cc_20100723_044139.reg [2010.07.23 03:22:31 | 000,000,004 | -H-- | C] () -- C:\aaw7boot.cmd [2010.07.23 03:12:24 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.07.17 23:08:04 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm [2010.07.17 23:08:04 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm [2010.07.17 23:02:56 | 000,002,166 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230256.reg [2010.07.17 23:02:47 | 000,001,572 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230246.reg [2010.07.17 23:02:38 | 000,002,848 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230237.reg [2010.07.17 23:02:29 | 000,016,626 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230228.reg [2010.07.17 23:00:24 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI [2010.07.17 00:08:29 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.07.17 00:08:29 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.07.16 23:45:07 | 000,001,836 | ---- | C] () -- E:\Users\****\Documents\cc_20100716_234505.reg [2010.07.16 23:33:58 | 000,008,192 | ---- | C] () -- C:\bootsect.lxe.bak [2010.07.16 23:33:57 | 000,383,592 | RHS- | C] () -- C:\gdrop [2010.07.16 23:33:57 | 000,171,136 | RHS- | C] () -- C:\xeldr [2010.07.14 20:40:47 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2010.07.14 20:40:47 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys 
[2010.07.12 01:31:39 | 000,015,738 | ---- | C] () -- E:\Users\****\Documents\cc_20100712_013138.reg [2010.07.12 01:31:29 | 000,040,898 | ---- | C] () -- E:\Users\****\Documents\cc_20100712_013128.reg [2010.07.05 22:59:42 | 209,541,232 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_166_H264.mp4 [2010.07.05 22:57:05 | 209,736,827 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_167_H264.mp4 [2010.06.28 22:20:32 | 209,205,255 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_165_H264.mp4 [2010.06.28 22:20:28 | 209,711,157 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_164_H264.mp4 [2010.06.28 22:20:24 | 209,296,956 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_163_H264.mp4 [2010.06.28 22:20:06 | 209,326,072 | ---- | C] () -- E:\Users\****\Desktop\[BNFs]Naruto_Shippuuden_162_H264.mp4 [2010.06.26 21:55:23 | 000,005,142 | ---- | C] () -- E:\Users\****\Documents\cc_20100626_215519.reg [2010.06.24 00:12:02 | 000,003,636 | ---- | C] () -- E:\Users\****\Documents\cc_20100624_001200.reg [2010.06.23 18:31:31 | 000,013,008 | ---- | C] () -- C:\Windows\SysNative\drivers\pstrip64.sys [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.01.12 20:14:21 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.01.12 20:14:21 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.01.12 20:14:03 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2009.12.30 16:05:36 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini [2009.12.07 18:18:20 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2009.12.05 11:37:34 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.11.20 20:19:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009.11.20 20:19:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009.11.20 20:19:35 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll 
[2009.11.20 20:19:35 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.11.20 20:19:35 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.11.20 20:19:34 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.11.20 20:19:34 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009.07.14 02:14:20 | 000,027,839 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2009.07.14 02:14:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.14 01:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.05.26 13:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2008.06.17 11:04:00 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\Dll_Volume_Ctrl.dll [2006.05.19 04:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\spc1330.ini 
[2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini [1998.07.06 00:00:00 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\MSCC2DE.DLL ========== LOP Check ========== [2010.03.13 20:16:03 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Ace Mobile Software [2009.12.17 21:59:51 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Apowersoft [2009.12.20 23:36:10 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Auslogics [2010.01.20 17:25:21 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Bioshock [2010.06.05 13:39:18 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Bioshock2 [2009.12.05 11:39:15 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Canneverbe_Limited [2009.12.29 20:10:19 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\CPUControl [2009.11.21 19:13:12 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\DAEMON Tools Lite [2010.03.21 17:59:24 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\FileZilla [2010.07.22 15:55:16 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\foobar2000 [2010.01.17 21:20:51 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\GrabPro [2010.07.18 21:15:26 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\HLSW [2010.07.23 01:25:58 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Mumble [2009.11.28 23:50:33 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Octoshape [2010.02.05 22:50:18 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\ooVoo Details [2009.12.17 23:09:46 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\OpenOffice.org [2009.11.19 21:40:17 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Opera [2010.01.25 19:08:59 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Orbit [2010.02.14 01:34:16 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\pokerth [2010.01.23 21:17:05 | 000,000,000 | ---D | M] -- 
E:\Users\****\AppData\Roaming\Publish Providers [2010.06.05 20:26:07 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\QIP [2010.01.24 15:49:56 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Sony [2010.01.24 16:11:05 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\TeamViewer [2010.05.24 21:12:58 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Thunderbird [2010.07.15 20:29:49 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\TS3Client [2010.05.07 23:17:40 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Ubisoft [2010.03.13 20:21:45 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\uTorrent [2009.11.20 01:13:09 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Win7codecs [2010.02.06 20:29:52 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Windows Home Server [2010.07.23 03:22:37 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2010.05.17 11:22:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C8B8CEBD @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86 < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.07.2010 04:46:40 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = E:\Users\****\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free 10,00 Gb Paging File | 8,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): e:\pagefile.sys 6141 6141 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 29,30 Gb Total Space | 10,48 Gb Free Space | 35,77% Space Free | Partition Type: NTFS Drive D: | 170,51 Gb Total Space | 118,70 Gb Free Space | 69,62% Space Free | Partition Type: NTFS Drive E: | 396,37 Gb Total Space | 71,21 Gb Free Space | 17,96% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TEST-PC Current User Name: **** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- D:\Opera\Opera.exe (Opera Software) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- D:\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found http [open] -- "D:\Opera\opera.exe" (Opera Software) https [open] -- "D:\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "D:\Opera\opera.exe" (Opera Software) https [open] -- "D:\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 
Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ESL Wire_is1" = ESL Wire 1.6.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" 
= Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A532864-065D-4369-A548-DFF207C2C713}" = QIP 2010 3397 Jeak-Edition "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60 "{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{40725C90-77E5-4036-B9CA-F66E3FED609A}" = Philips SPC 1330NC Webcam Driver "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6647EE24-8605-4A5D-AD3B-62DD877FBA3F}" = Aequitas File Checker "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = 
Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73877A89-A11E-43D6-9A15-A77FF0F48C8F}" = AMD GPU Clock Tool "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro "{7AB86D35-DF3B-407F-B43E-468345DABF29}" = SL-6555-SBK "{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E2354269-C89A-4323-B80F-B0DD65FBA5EB}" = WinExit-Pro "{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static "{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full "{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing "{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light "{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALchemy" = Creative ALchemy "AudioCS" = Creative Audio-Systemsteuerung "avast!" = avast! 
Antivirus "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Creative Volume Panel" = Lautstärkefenster "Diagnostics 4_5" = Creative-Diagnose "Dolby Digital Live Pack" = Dolby Digital Live Pack "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "Electronic Sports League GUI2.11.2" = Electronic Sports League GUI "FileZilla Client" = FileZilla Client 3.3.0.1 "foobar2000" = foobar2000 v1.0.3 "Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.2 "Hamachi" = Hamachi 1.0.1.5 "HD Tune_is1" = HD Tune 2.55 "HLSW_is1" = HLSW v1.3.3.7b "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11) "Mumble" = Mumble and Murmur "OpenAL" = OpenAL "PokerTH 0.7.1" = PokerTH "Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32 "StarCraft II Beta" = StarCraft II Beta "Steam App 240" = Counter-Strike: Source "THX_Console_Unicode" = THX-Einrichtungskonsole "TmNationsForever_is1" = TmNationsForever Update 2010-03-15 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.0 "VTFEdit_is1" = VTFEdit 1.2.5 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = 
Octoshape add-in for Adobe Flash Player "Octoshape Streaming Services" = Octoshape Streaming Services "QIP 2005" = QIP 2005 8095 "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.07.2010 14:38:15 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 19.07.2010 22:15:40 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 19.07.2010 23:14:02 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. 
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 20.07.2010 07:38:56 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 20.07.2010 15:13:05 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 20.07.2010 22:56:28 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". 
Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 21.07.2010 07:04:39 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 21.07.2010 11:21:23 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 22.07.2010 14:58:41 | Computer Name = test-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4c354523 Name des fehlerhaften Moduls: capture32.dll, Version: 0.0.0.0, Zeitstempel: 0x4b01571f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000fd54 ID des fehlerhaften Prozesses: 0x1078 Startzeit der fehlerhaften Anwendung: 0x01cb29c5d4127742 Pfad der fehlerhaften Anwendung: d:\steam\steamapps\zok0\counter-strike source\hl2.exe Pfad des fehlerhaften Moduls: E:\Users\****\AppData\Local\ESL Wire Game Client\aequitas\capture32.dll Berichtskennung: 24634760-95c3-11df-ba5c-00ff01000001 Error - 22.07.2010 21:12:06 | Computer Name = test-PC | Source = Lavasoft Ad-Aware Service | ID = 0 Description = [ System Events ] Error - 17.02.2010 10:29:58 | Computer Name = test-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "hwinterface" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 18.02.2010 08:22:52 | Computer Name = test-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 18.02.2010 08:23:11 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 18.02.2010 08:23:39 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: hwinterface Error - 18.02.2010 17:24:36 | Computer Name = test-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 18.02.2010 17:24:58 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 18.02.2010 17:25:25 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: hwinterface Error - 19.02.2010 07:43:20 | Computer Name = test-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 19.02.2010 07:43:38 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 19.02.2010 07:44:06 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: hwinterface
< End of report >
Thanks in advance for the help! Last edited by Kenan (23.07.2010 at 04:26) |
23.07.2010, 14:10 | #2 |
/// Selecta Jahrusso | Problem with CTV****.exe malware/worm
Quote:
Quote:
Explanation for this?
__________________ |
23.07.2010, 14:16 | #3 |
| Problem with CTV****.exe malware/worm
I didn't set up the PC myself; I merely took it over from a friend. I don't use Adobe programs at all, since I'm not familiar with them and know that you have to be professionally trained to use them to an extent that makes the purchase worthwhile. If you tell me how to remove the program completely, I will do so. Still, I fail to see what a non-original version of a design program has to do with my problems. |
23.07.2010, 14:32 | #4 |
/// Selecta Jahrusso | Problem with CTV****.exe malware/worm
Because, first, I don't help as soon as I find illegal software, and second, cracks usually come subtly infected. Whether I believe the story about the friend or not is up to me.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
23.07.2010, 14:37 | #5 |
| Problem with CTV****.exe malware/worm
Right, it is your decision whether you want to help me or not. If you wish, I will uninstall it and run all the scans again so that you see a "clean" system this evening. I couldn't care less about the Adobe Suite; I just want my computer to be "healthy" again so that I can use online banking and make my pending transfers again. I have now uninstalled the suite and deleted the active host. Is there anything else I should uninstall? |
23.07.2010, 15:00 | #6 |
/// Selecta Jahrusso | Problem with CTV****.exe malware/worm
Right reaction. There are some others who totally freak out at that ^^ Please download Load.exe
After the restart you will find a folder MFTools on the desktop. It contains a file Anleitung.pdf. Please open it and work through the steps described in it.
__________________ --> Problem with CTV****.exe malware/worm |
23.07.2010, 15:42 | #7 |
| Problem with CTV****.exe malware/worm
I carried out all the steps according to the instructions; however, after OTL had finished the scan, no extras.txt was generated, only the OTL.txt. First, here is the MBAM.txt Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4340
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
23.07.2010 16:31:30
mbam-log-2010-07-23 (16-31-30).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129314
Laufzeit: 2 Minute(n), 10 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
and here is the OTL.txt Code:
ATTFilter OTL logfile created on: 23.07.2010 16:37:31 - Run 3 OTL by OldTimer - Version 3.2.9.1 Folder = E:\Users\David\Desktop\MFTools 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free 10,00 Gb Paging File | 8,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): e:\pagefile.sys 6141 6141 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 29,30 Gb Total Space | 11,85 Gb Free Space | 40,44% Space Free | Partition Type: NTFS Drive D: | 170,51 Gb Total Space | 121,70 Gb Free Space | 71,38% Space Free | Partition Type: NTFS Drive E: | 396,37 Gb Total Space | 71,43 Gb Free Space | 18,02% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TEST-PC Current User Name: David Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - E:\Users\David\Desktop\MFTools\OTL.exe (OldTimer Tools) PRC - E:\NM Monitor\nmmonitor.exe () PRC - D:\Avast4\ashDisp.exe (ALWIL Software) PRC - D:\Avast4\ashServ.exe (ALWIL Software) PRC - D:\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - D:\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - E:\Users\David\Desktop\MFTools\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\Internet Explorer\ieproxy.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\StructuredQuery.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\slc.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\SearchFolder.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\RpcRtRemote.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: 
- (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation) SRV:64bit: - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation) SRV:64bit: - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (avast! Antivirus) -- D:\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- D:\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! 
Web Scanner) -- D:\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- D:\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (NMSAccessU) -- D:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfsync02.sys File not found DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys File not found DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys File not found DRV:64bit: - (hwinterface) -- C:\Windows\SysNative\Drivers\hwinterface.sys File not found DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL File not found DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL File not found DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL File not found DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (hidusbf) -- C:\Windows\SysNative\drivers\hidusbf.sys (SweetLow) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (SPC1330) USB2.0 PC Camera (SPC1330) -- C:\Windows\SysNative\drivers\spc1330.sys () DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) 
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (phaudlwr) -- C:\Windows\SysNative\drivers\phaudlwr.sys (Philips Applied Technologies) DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.) DRV - (hwinterface) -- C:\Windows\SysWOW64\drivers\hwinterface.sys (Buzz) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 95 63 43 DA AC CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://tv.esl.eu/de/" FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: D:\Mozilla Firefox\components [2010.07.22 18:40:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.07.23 15:49:31 | 000,000,000 | ---D | M] [2010.05.24 21:12:59 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\mozilla\Extensions [2010.05.24 21:12:59 | 000,000,000 | ---D | M] (No name found) -- E:\Users\David\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.02.10 14:37:52 | 000,000,000 | ---D | M] -- 
E:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\qbn47nrx.default\extensions O1 HOSTS File: ([2010.07.23 15:56:58 | 000,414,784 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 14320 more lines... O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [AsioReg] File not found O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [avast!] D:\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VolPanel] D:\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [NM Monitor] E:\NM Monitor\nmmonitor.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab 
(Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{30caa2d8-67e8-11df-a4ab-00ff01000001}\Shell - "" = AutoRun O33 - MountPoints2\{30caa2d8-67e8-11df-a4ab-00ff01000001}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found O33 - MountPoints2\{336ec7f0-d6aa-11de-be90-00241dd5f11a}\Shell - "" = AutoRun O33 - MountPoints2\{336ec7f0-d6aa-11de-be90-00241dd5f11a}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found O33 - MountPoints2\{e53743bf-d57a-11de-8cdf-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e53743bf-d57a-11de-8cdf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Error creating restore point. 
========== Files/Folders - Created Within 90 Days ========== [2010.07.23 16:28:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.07.23 16:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2010.07.23 16:25:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.07.23 16:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.07.23 16:18:55 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\MFTools [2010.07.23 04:37:58 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\Malwarebytes [2010.07.23 04:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.23 04:37:49 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.07.23 03:12:12 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Local\Sunbelt Software [2010.07.23 03:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.07.23 03:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2010.07.23 02:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.07.20 23:54:12 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\foobar2000 [2010.07.18 01:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.07.18 01:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2010.07.18 01:54:38 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies [2010.07.18 01:54:05 | 000,000,000 | ---D | C] -- C:\ATI [2010.07.17 23:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2010.07.17 00:08:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative [2010.07.13 14:08:29 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\Immersion [2010.07.12 01:33:25 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\vlc [2010.07.11 23:51:50 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\oggy [2010.07.11 23:38:19 | 000,000,000 | 
---D | C] -- E:\Users\David\Desktop\Biber [2010.07.09 19:39:50 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\n!takken [2010.06.29 20:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2010.06.26 17:58:33 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\Anne [2010.06.23 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2010.06.21 16:17:08 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\China [2010.06.20 02:08:18 | 000,000,000 | ---D | C] -- E:\Users\David\Documents\My Library [2010.06.20 02:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\L&H [2010.06.17 20:34:07 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\Portable_Quake_III_sh [2010.06.17 20:27:11 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2010.06.17 19:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software [2010.06.13 20:49:08 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Local\Zattoo [2010.06.08 18:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS [2010.06.08 18:51:15 | 000,000,000 | ---D | C] -- E:\Users\David\temp [2010.06.05 20:26:07 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\QIP [2010.05.31 15:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2010.05.28 21:31:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2010.05.28 21:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2010.05.27 19:18:48 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2010.05.25 12:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt [2010.05.24 21:12:56 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\Thunderbird [2010.05.24 21:12:56 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Local\Thunderbird [2010.05.22 14:15:54 | 000,000,000 | ---D | C] -- E:\Users\David\Documents\StarCraft II Beta [2010.05.22 14:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment 
[2010.05.17 15:40:58 | 000,021,832 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys [2010.05.07 23:17:40 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\Ubisoft [2010.05.07 23:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages [2010.04.30 12:51:39 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2010.04.30 12:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2010.04.30 12:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2009.07.14 01:30:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll ========== Files - Modified Within 90 Days ========== [2010.07.23 16:37:29 | 007,340,032 | -HS- | M] () -- E:\Users\David\NTUSER.DAT [2010.07.23 16:28:57 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.07.23 16:28:57 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.07.23 16:28:57 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.07.23 16:28:57 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.07.23 16:28:57 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.07.23 16:28:03 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.23 16:28:03 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.23 16:27:35 | 000,000,845 | ---- | M] () -- E:\Users\David\Desktop\NTREGOPT.lnk [2010.07.23 16:27:35 | 000,000,832 | ---- | M] () -- E:\Users\David\Desktop\ERUNT.lnk [2010.07.23 16:23:22 | 000,002,996 | ---- | M] (Buzz) -- C:\Windows\SysWow64\drivers\hwinterface.sys [2010.07.23 16:22:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.23 16:22:43 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010.07.23 16:22:18 | 000,062,308 | ---- | M] () -- 
C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.07.23 16:22:18 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.07.23 16:22:18 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.07.23 16:22:09 | 004,123,496 | -H-- | M] () -- E:\Users\David\AppData\Local\IconCache.db [2010.07.23 16:18:08 | 000,410,680 | ---- | M] () -- E:\Users\David\Desktop\Load.exe [2010.07.23 15:56:58 | 000,414,784 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.07.23 04:42:31 | 000,000,082 | ---- | M] () -- E:\Users\David\Documents\cc_20100723_044230.reg [2010.07.23 04:41:42 | 000,008,094 | ---- | M] () -- E:\Users\David\Documents\cc_20100723_044139.reg [2010.07.23 03:24:48 | 000,000,004 | -H-- | M] () -- C:\aaw7boot.cmd [2010.07.23 03:22:37 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.07.20 03:32:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.20 03:32:13 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm [2010.07.20 03:32:13 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm [2010.07.17 23:51:31 | 000,065,208 | ---- | M] () -- E:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT [2010.07.17 23:51:05 | 005,016,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.07.17 23:02:57 | 000,002,166 | ---- | M] () -- E:\Users\David\Documents\cc_20100717_230256.reg [2010.07.17 23:02:48 | 000,001,572 | ---- | M] () -- E:\Users\David\Documents\cc_20100717_230246.reg [2010.07.17 23:02:39 | 000,002,848 | ---- | M] () -- E:\Users\David\Documents\cc_20100717_230237.reg [2010.07.17 23:02:31 | 000,016,626 | ---- | M] () -- E:\Users\David\Documents\cc_20100717_230228.reg [2010.07.17 23:00:24 | 000,000,029 | ---- | M] () -- C:\Windows\sfbm.INI [2010.07.17 00:07:50 | 000,000,159 | RH-- | M] () -- 
C:\Windows\ctfile.rfc [2010.07.16 23:45:08 | 000,001,836 | ---- | M] () -- E:\Users\David\Documents\cc_20100716_234505.reg [2010.07.16 23:33:58 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak [2010.07.16 23:33:57 | 000,383,592 | RHS- | M] () -- C:\gdrop [2010.07.16 23:33:57 | 000,171,136 | RHS- | M] () -- C:\xeldr [2010.07.14 20:40:47 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2010.07.14 20:40:47 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2010.07.12 01:31:40 | 000,015,738 | ---- | M] () -- E:\Users\David\Documents\cc_20100712_013138.reg [2010.07.12 01:31:31 | 000,040,898 | ---- | M] () -- E:\Users\David\Documents\cc_20100712_013128.reg [2010.07.04 22:42:02 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2010.07.04 19:50:55 | 209,736,827 | ---- | M] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_167_H264.mp4 [2010.07.04 16:47:29 | 000,007,808 | ---- | M] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys [2010.06.29 20:57:53 | 209,541,232 | ---- | M] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_166_H264.mp4 [2010.06.26 21:55:24 | 000,005,142 | ---- | M] () -- E:\Users\David\Documents\cc_20100626_215519.reg [2010.06.24 00:12:04 | 000,003,636 | ---- | M] () -- E:\Users\David\Documents\cc_20100624_001200.reg [2010.06.22 19:39:12 | 209,205,255 | ---- | M] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_165_H264.mp4 [2010.06.19 16:11:51 | 000,214,720 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.06.17 23:41:15 | 000,000,403 | ---- | M] () -- C:\Windows\win.ini [2010.06.15 18:49:16 | 209,711,157 | ---- | M] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_164_H264.mp4 [2010.06.13 20:56:16 | 000,019,456 | ---- | M] () -- E:\Users\David\AppData\Local\WebpageIcons.db [2010.06.06 15:30:27 | 209,296,956 | ---- | M] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_163_H264.mp4 [2010.06.05 20:15:02 | 000,006,982 | ---- | M] () -- 
E:\Users\David\Documents\cc_20100605_201458.reg [2010.05.31 14:57:12 | 000,921,624 | ---- | M] () -- C:\spc1330-001.raw [2010.05.30 14:49:02 | 209,326,072 | ---- | M] () -- E:\Users\David\Desktop\[BNFs]Naruto_Shippuuden_162_H264.mp4 [2010.05.27 19:47:34 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2010.05.26 23:59:25 | 000,007,602 | ---- | M] () -- E:\Users\David\AppData\Local\Resmon.ResmonCfg [2010.05.26 23:53:41 | 000,001,538 | ---- | M] () -- E:\Users\David\Documents\cc_20100526_235340.reg [2010.05.26 23:53:34 | 000,004,746 | ---- | M] () -- E:\Users\David\Documents\cc_20100526_235332.reg [2010.05.25 17:15:04 | 000,016,430 | ---- | M] () -- E:\Users\David\Documents\cc_20100525_171501.reg [2010.05.25 17:14:55 | 000,043,674 | ---- | M] () -- E:\Users\David\Documents\cc_20100525_171452.reg [2010.05.25 17:13:28 | 000,000,504 | ---- | M] () -- E:\Users\David\Desktop\HLSW.lnk [2010.05.25 17:13:20 | 000,000,481 | ---- | M] () -- E:\Users\David\Desktop\ESL Wire Gaming Client.lnk [2010.05.17 15:40:59 | 000,021,832 | ---- | M] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\drivers\hamachi.sys [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2010.07.23 16:27:35 | 000,000,845 | ---- | C] () -- E:\Users\David\Desktop\NTREGOPT.lnk [2010.07.23 16:27:35 | 000,000,832 | ---- | C] () -- E:\Users\David\Desktop\ERUNT.lnk [2010.07.23 16:18:08 | 000,410,680 | ---- | C] () -- E:\Users\David\Desktop\Load.exe [2010.07.23 04:42:31 | 000,000,082 | ---- | C] () -- E:\Users\David\Documents\cc_20100723_044230.reg [2010.07.23 04:41:41 | 000,008,094 | ---- | C] () -- E:\Users\David\Documents\cc_20100723_044139.reg [2010.07.23 03:22:31 | 000,000,004 | -H-- | C] () -- C:\aaw7boot.cmd [2010.07.23 03:12:24 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.07.17 23:08:04 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm [2010.07.17 23:08:04 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm [2010.07.17 23:02:56 | 000,002,166 | ---- | C] () -- E:\Users\David\Documents\cc_20100717_230256.reg [2010.07.17 23:02:47 | 000,001,572 | ---- | C] () -- E:\Users\David\Documents\cc_20100717_230246.reg [2010.07.17 23:02:38 | 000,002,848 | ---- | C] () -- E:\Users\David\Documents\cc_20100717_230237.reg [2010.07.17 23:02:29 | 000,016,626 | ---- | C] () -- E:\Users\David\Documents\cc_20100717_230228.reg [2010.07.17 23:00:24 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI [2010.07.17 00:08:29 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.07.17 00:08:29 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx [2010.07.16 23:45:07 | 000,001,836 | ---- | C] () -- 
E:\Users\David\Documents\cc_20100716_234505.reg [2010.07.16 23:33:58 | 000,008,192 | ---- | C] () -- C:\bootsect.lxe.bak [2010.07.16 23:33:57 | 000,383,592 | RHS- | C] () -- C:\gdrop [2010.07.16 23:33:57 | 000,171,136 | RHS- | C] () -- C:\xeldr [2010.07.14 20:40:47 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2010.07.14 20:40:47 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2010.07.12 01:31:39 | 000,015,738 | ---- | C] () -- E:\Users\David\Documents\cc_20100712_013138.reg [2010.07.12 01:31:29 | 000,040,898 | ---- | C] () -- E:\Users\David\Documents\cc_20100712_013128.reg [2010.07.05 22:59:42 | 209,541,232 | ---- | C] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_166_H264.mp4 [2010.07.05 22:57:05 | 209,736,827 | ---- | C] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_167_H264.mp4 [2010.06.28 22:20:32 | 209,205,255 | ---- | C] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_165_H264.mp4 [2010.06.28 22:20:28 | 209,711,157 | ---- | C] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_164_H264.mp4 [2010.06.28 22:20:24 | 209,296,956 | ---- | C] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_163_H264.mp4 [2010.06.28 22:20:06 | 209,326,072 | ---- | C] () -- E:\Users\David\Desktop\[BNFs]Naruto_Shippuuden_162_H264.mp4 [2010.06.26 21:55:23 | 000,005,142 | ---- | C] () -- E:\Users\David\Documents\cc_20100626_215519.reg [2010.06.24 00:12:02 | 000,003,636 | ---- | C] () -- E:\Users\David\Documents\cc_20100624_001200.reg [2010.06.23 18:31:31 | 000,013,008 | ---- | C] () -- C:\Windows\SysNative\drivers\pstrip64.sys [2010.06.19 16:11:51 | 000,214,720 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.06.13 20:49:08 | 000,019,456 | ---- | C] () -- E:\Users\David\AppData\Local\WebpageIcons.db [2010.06.05 20:15:01 | 000,006,982 | ---- | C] () -- E:\Users\David\Documents\cc_20100605_201458.reg [2010.05.27 19:47:34 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2010.05.26 23:53:40 | 
000,001,538 | ---- | C] () -- E:\Users\David\Documents\cc_20100526_235340.reg [2010.05.26 23:53:33 | 000,004,746 | ---- | C] () -- E:\Users\David\Documents\cc_20100526_235332.reg [2010.05.25 20:06:17 | 000,007,046 | ---- | C] () -- E:\Users\David\wtvClient.log [2010.05.25 17:15:02 | 000,016,430 | ---- | C] () -- E:\Users\David\Documents\cc_20100525_171501.reg [2010.05.25 17:14:53 | 000,043,674 | ---- | C] () -- E:\Users\David\Documents\cc_20100525_171452.reg [2010.05.25 17:13:28 | 000,000,504 | ---- | C] () -- E:\Users\David\Desktop\HLSW.lnk [2010.05.25 17:13:20 | 000,000,481 | ---- | C] () -- E:\Users\David\Desktop\ESL Wire Gaming Client.lnk [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.01.12 20:14:21 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.01.12 20:14:21 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.01.12 20:14:03 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2009.12.30 16:05:36 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini [2009.12.07 18:18:20 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2009.12.05 11:37:34 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.11.20 20:19:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2009.11.20 20:19:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009.11.20 20:19:35 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2009.11.20 20:19:35 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.11.20 20:19:35 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.11.20 20:19:34 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.11.20 20:19:34 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest [2009.07.14 02:14:20 | 000,027,839 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2009.07.14 02:14:16 | 000,000,054 | ---- | C] () -- 
C:\Windows\SysWow64\ctzapxx.ini [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.14 01:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.05.26 13:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2008.06.17 11:04:00 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\Dll_Volume_Ctrl.dll [2006.05.19 04:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\spc1330.ini [2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini [1998.07.06 00:00:00 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\MSCC2DE.DLL ========== LOP Check ========== [2010.03.13 20:16:03 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Ace Mobile Software [2009.12.17 21:59:51 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Apowersoft [2009.12.20 23:36:10 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Auslogics [2010.01.20 
17:25:21 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Bioshock [2010.06.05 13:39:18 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Bioshock2 [2009.12.05 11:39:15 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Canneverbe_Limited [2009.12.29 20:10:19 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\CPUControl [2009.11.21 19:13:12 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\DAEMON Tools Lite [2010.03.21 17:59:24 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\FileZilla [2010.07.22 15:55:16 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\foobar2000 [2010.01.17 21:20:51 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\GrabPro [2010.07.18 21:15:26 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\HLSW [2010.07.23 01:25:58 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Mumble [2009.11.28 23:50:33 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Octoshape [2010.02.05 22:50:18 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\ooVoo Details [2009.12.17 23:09:46 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\OpenOffice.org [2009.11.19 21:40:17 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Opera [2010.01.25 19:08:59 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Orbit [2010.02.14 01:34:16 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\pokerth [2010.01.23 21:17:05 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Publish Providers [2010.06.05 20:26:07 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\QIP [2010.01.24 15:49:56 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Sony [2010.01.24 16:11:05 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\TeamViewer [2010.05.24 21:12:58 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Thunderbird [2010.07.15 20:29:49 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\TS3Client 
[2010.05.07 23:17:40 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Ubisoft [2010.03.13 20:21:45 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\uTorrent [2009.11.20 01:13:09 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Win7codecs [2010.02.06 20:29:52 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Windows Home Server [2010.07.23 03:22:37 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2010.05.17 11:22:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010.07.23 03:24:48 | 000,000,004 | -H-- | M] () -- C:\aaw7boot.cmd [2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2009.11.20 04:16:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010.07.16 23:33:58 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak [2009.11.22 16:20:43 | 000,438,840 | RHS- | M] () -- C:\bootxez [2010.04.22 17:56:52 | 000,007,200 | ---- | M] () -- C:\CTSUFile.txt [2010.07.16 23:33:57 | 000,383,592 | RHS- | M] () -- C:\gdrop [2010.07.23 16:22:43 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010.05.31 14:57:12 | 000,921,624 | ---- | M] () -- C:\spc1330-001.raw [2009.11.20 04:24:57 | 000,171,136 | RHS- | M] () -- C:\w7ldr [2010.07.16 23:33:57 | 000,171,136 | RHS- | M] () -- C:\xeldr [2009.11.22 16:20:43 | 000,206,312 | RHS- | M] () -- C:\XELDZ [2009.11.22 16:20:43 | 000,009,216 | RHS- | M] () -- C:\XELDZ.1st < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\drivers\*.sys /90 > [2010.07.23 16:23:22 | 000,002,996 | ---- | M] (Buzz) -- C:\Windows\SysWOW64\drivers\hwinterface.sys [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys < %systemroot%\system32\user32.dll /md5 > [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C8B8CEBD @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86 < End of report > Code:
OTL Extras logfile created on: 23.07.2010 17:02:19 - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = E:\Users\David\Desktop\MFTools
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): e:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 11,85 Gb Free Space | 40,43% Space Free | Partition Type: NTFS
Drive D: | 170,51 Gb Total Space | 121,70 Gb Free Space | 71,38% Space Free | Partition Type: NTFS
Drive E: | 396,37 Gb Total Space | 71,41 Gb Free Space | 18,02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEST-PC
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- D:\Opera\Opera.exe (Opera Software)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- D:\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "D:\Opera\opera.exe" (Opera Software)
https [open] -- "D:\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "D:\Opera\opera.exe" (Opera Software)
https [open] -- "D:\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET 
Framework 4 Client Profile "ESL Wire_is1" = ESL Wire 1.6.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A532864-065D-4369-A548-DFF207C2C713}" = QIP 2010 3397 Jeak-Edition "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60 "{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{40725C90-77E5-4036-B9CA-F66E3FED609A}" = Philips SPC 1330NC Webcam Driver "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = 
Microsoft_VC90_MFC_x86 "{6647EE24-8605-4A5D-AD3B-62DD877FBA3F}" = Aequitas File Checker "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73877A89-A11E-43D6-9A15-A77FF0F48C8F}" = AMD GPU Clock Tool "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro "{7AB86D35-DF3B-407F-B43E-468345DABF29}" = SL-6555-SBK "{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = 
Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E2354269-C89A-4323-B80F-B0DD65FBA5EB}" = WinExit-Pro "{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static "{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full "{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing "{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light "{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALchemy" = Creative ALchemy "AudioCS" = Creative Audio-Systemsteuerung "avast!" = avast! 
Antivirus "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Creative Volume Panel" = Lautstärkefenster "Diagnostics 4_5" = Creative-Diagnose "Dolby Digital Live Pack" = Dolby Digital Live Pack "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "Electronic Sports League GUI2.11.2" = Electronic Sports League GUI "ERUNT_is1" = ERUNT 1.1j "FileZilla Client" = FileZilla Client 3.3.0.1 "foobar2000" = foobar2000 v1.0.3 "Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.2 "Hamachi" = Hamachi 1.0.1.5 "HD Tune_is1" = HD Tune 2.55 "HLSW_is1" = HLSW v1.3.3.7b "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11) "Mumble" = Mumble and Murmur "OpenAL" = OpenAL "PokerTH 0.7.1" = PokerTH "Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32 "StarCraft II Beta" = StarCraft II Beta "Steam App 240" = Counter-Strike: Source "THX_Console_Unicode" = THX-Einrichtungskonsole "TmNationsForever_is1" = TmNationsForever Update 2010-03-15 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.0 "VTFEdit_is1" = VTFEdit 1.2.5 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for 
Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Octoshape Streaming Services" = Octoshape Streaming Services "QIP 2005" = QIP 2005 8095 "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.07.2010 14:38:15 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 19.07.2010 22:15:40 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 19.07.2010 23:14:02 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. 
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 20.07.2010 07:38:56 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 20.07.2010 15:13:05 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 20.07.2010 22:56:28 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". 
Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 21.07.2010 07:04:39 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 21.07.2010 11:21:23 | Computer Name = test-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 22.07.2010 14:58:41 | Computer Name = test-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4c354523 Name des fehlerhaften Moduls: capture32.dll, Version: 0.0.0.0, Zeitstempel: 0x4b01571f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000fd54 ID des fehlerhaften Prozesses: 0x1078 Startzeit der fehlerhaften Anwendung: 0x01cb29c5d4127742 Pfad der fehlerhaften Anwendung: d:\steam\steamapps\zok0\counter-strike source\hl2.exe Pfad des fehlerhaften Moduls: E:\Users\David\AppData\Local\ESL Wire Game Client\aequitas\capture32.dll Berichtskennung: 24634760-95c3-11df-ba5c-00ff01000001 Error - 22.07.2010 21:12:06 | Computer Name = test-PC | Source = Lavasoft Ad-Aware Service | ID = 0 Description = [ System Events ] Error - 17.02.2010 10:29:58 | Computer Name = test-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 17.02.2010 10:29:58 | Computer Name = test-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "hwinterface" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 18.02.2010 08:22:52 | Computer Name = test-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 18.02.2010 08:23:11 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 18.02.2010 08:23:39 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: hwinterface Error - 18.02.2010 17:24:36 | Computer Name = test-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 18.02.2010 17:24:58 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 18.02.2010 17:25:25 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: hwinterface Error - 19.02.2010 07:43:20 | Computer Name = test-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 19.02.2010 07:43:38 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report >
Edited by Kenan (23.07.2010 at 16:07) |
24.07.2010, 21:37 | #8 |
/// Selecta Jahrusso | Problem with CTV****.exe malware/worm
Basic cleanup with SUPERAntiSpyware
Step 2: Update Java
Your Java version is out of date. Since some malware (e.g. Vundo) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => Uninstall. Restart the computer. Now download the offline version of Java (Java SE Runtime Environment (JRE) 6 Update XX) from Oracle (http://www.java.com/de/download/manual.jsp). After you click Download, a page appears where you have to select the operating system (i.e. Windows) and tick "I agree". Then click the "Continue" button. There, download jre-6uXX-windows-i586.exe and then install it; do not install any toolbars that may be offered (Yahoo Toolbar).

Step 3: ESET Online Scanner
Please switch on any external hard drives during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like), and do not forget to switch everything back on afterwards.
When the scan has finished:
- Click Finish.
- Close the browser.
- Open Explorer.
- Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
- Post the log file here.

Step 4
Please start OTL.exe. Under Extra Registry, select "Use SafeList" and click the Scan button.

In your next reply, please post:
- SASW log
- ESET log
- OTL.txt
- Extras.txt
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
31.07.2010, 21:18 | #9 |
/// Selecta Jahrusso | Problem with CTV****.exe malware/worm
No response
This thread has been removed from my subscriptions, so I will not get any notification about new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please open a thread of your own.