| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.12.2010, 11:58
| #1 |
 |  "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\" Huhu zusammen, ich habe aktuell ein Problem mit meinem Computer. Vorab: ich benutze Windows 7 Home Premium (64bit) und avast! Antivirus 4.8. Gestern hat mir avast! einen Virus im Ordner "C:\Users\***\AppData\Local\Temp\" gemeldet. Ich bin den Anweisungen gefolgt und habe den Virus in den "Container" verschoben. Soweit so gut. Einige Minuten später stürzte dann der Windows Explorer ab, d.h. ich hatte weder Taskleiste noch Explorer-Fenster. Der Windows Explorer startete sich aber direkt wieder neu (wurde auch so angekündigt). Das Ganze passierte gleich 3 mal innerhalb von 1-2 Stunden. Ich habe dann erstmal eine Systemwiederherstellung gemacht und seitdem auch keine Probleme mehr gehabt. Heute Morgen habe ich dann den Virenscanner nochmal durch das Temp-Verzeichnis laufen lassen und die gleiche Meldung kam erneut. Das Merkwürdige: wenn ich auf "in Container verschieben" gedrückt habe, kam die Meldung, dass avast! nicht auf die Datei zugreifen kann. Daraufhin kam dann die Virenmeldung erneut. Nach ein paar Versuchen habe ich dann auf "Löschen" gedrückt. Nach einem Neustart hat der Virenscan dann auch keine Viren mehr gefunden. Im avast! Container befindet sich die Virendatei nun gleich 2 mal. Sie heißt "0.05870814618642739.exe", wozu ich bei Google leider rein gar nichts finden konnte. avast! hat die Datei als "Win32:Trojan-gen" identifiziert mit einer Größe von 664576. Zuletzt bearbeitet wurde die Datei offensichtlich am 25.12.2010. An dem Tag habe ich 3 Programme installiert: - Opera 11 - "dotoo" (Widget für Opera 10/11) - "OOrganizer beta1" (Widget für Opera 10/11) Die erste Meldung seitens avast! kam gestern zu einem Zeitpunkt, wo ich über den EA Download Manager das Spiel "Burnout Ultimate Box" heruntergeladen habe. Davor hatte ich an dem Tag noch Trillian 5 Beta und Eisenbahn.exe Professional 5.0 Premium Edition installiert. Nun, so viel zu möglichen Zusammenhängen. Ich fand das Ganze einfach recht merkwürdig vom Verlauf her, deswegen wollte ich lieber nochmal hier nachfragen. Im Anhang daher die 3 Logfiles: - "OTL.Txt" - "Extras.Txt" - "mbam-log-2010-12-28 (11-08-40).txt" Zu der Prozedur mit OTL, TFC, etc. hätte ich auch noch eine Frage. Seit den Durchläufen zeigt mein Explorer keine Datei-Endungen mehr an (war vorher so eingestellt). Ich hab das nun einfach nochmal aktiviert. Die Frage ist nur, inwiefern auch noch andere Dinge in der Registry geändert wurden? Muss ich nach den Durchläufen die gesicherte Registry wiederherstellen oder lieber nicht? Vielen, vielen Dank schonmal  mbam-log-2010-12-28 (11-08-40) Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5406
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
28.12.2010 11:08:40
mbam-log-2010-12-28 (11-08-40).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156975
Laufzeit: 2 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Leomuck\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
Code:
ATTFilter OTL logfile created on: 28.12.2010 11:17:34 - Run 1 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Public\Desktop\MFtools 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 68,26 Gb Total Space | 9,30 Gb Free Space | 13,62% Space Free | Partition Type: NTFS Drive D: | 164,52 Gb Total Space | 18,22 Gb Free Space | 11,08% Space Free | Partition Type: NTFS Computer Name: *** | User Name: Leomuck | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera 11\opera.exe (Opera Software) PRC - C:\Users\Leomuck\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) ========== Modules (SafeList) ========== MOD - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (bcm44amd64) -- C:\Windows\SysNative\drivers\b44amd64.sys (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (OEM02Dev) -- C:\Windows\SysNative\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV:64bit: - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s115mgmt.sys (MCCI Corporation) DRV:64bit: - (s115obex) -- C:\Windows\SysNative\drivers\s115obex.sys (MCCI Corporation) DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\drivers\s115mdm.sys (MCCI Corporation) DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\drivers\s115mdfl.sys (MCCI Corporation) DRV:64bit: - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\SysNative\drivers\s115bus.sys (MCCI Corporation) DRV:64bit: - (OEM02Vfx) -- C:\Windows\SysNative\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-64241907-263897044-3531913950-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-64241907-263897044-3531913950-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-64241907-263897044-3531913950-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F AB 6E 32 61 9D CB 01 [binary data] IE - HKU\S-1-5-21-64241907-263897044-3531913950-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-64241907-263897044-3531913950-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.19 10:08:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.27 15:10:41 | 000,000,000 | ---D | M] [2010.12.19 10:08:08 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\mozilla\Extensions [2010.12.24 13:28:44 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\mozilla\Firefox\Profiles\jqgey69m.default\extensions [2010.12.19 10:11:14 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Leomuck\AppData\Roaming\mozilla\Firefox\Profiles\jqgey69m.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2010.12.19 10:08:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.10 20:40:25 | 000,001,357 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-64241907-263897044-3531913950-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKU\S-1-5-21-64241907-263897044-3531913950-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-64241907-263897044-3531913950-1000..\Run: [SansaDispatch] C:\Users\Leomuck\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-64241907-263897044-3531913950-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: SystInit - (C:\Windows\system32\DWWIhost.dll) - C:\Windows\SysWow64\DWWIhost.dll File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: EPSON Stylus DX4000 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll () ========== Files/Folders - Created Within 30 Days ========== [2010.12.28 11:05:00 | 000,000,000 | ---D | C] -- D:\Documents\ERUNT [2010.12.28 11:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2010.12.28 10:54:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.28 10:54:06 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.28 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools [2010.12.28 10:38:25 | 000,000,000 | ---D | C] -- C:\Users\Leomuck\AppData\Roaming\Malwarebytes [2010.12.28 10:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.28 10:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.12.27 21:45:58 | 000,000,000 | ---D | C] -- C:\Users\Leomuck\AppData\Roaming\Trillian [2010.12.27 21:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian [2010.12.27 12:24:12 | 000,000,000 | ---D | C] -- C:\Users\Leomuck\AppData\Local\Electronic Arts [2010.12.27 12:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2010.12.27 12:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2010.12.25 13:54:43 | 000,000,000 | ---D | C] -- C:\Users\Leomuck\AppData\Roaming\vlc [2010.12.25 00:28:42 | 000,000,000 | ---D | C] -- C:\Users\Leomuck\AppData\Local\dotoo [2010.12.25 00:27:40 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\msxml3.dll [2010.12.25 00:27:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\msxml3r.dll [2010.12.25 00:27:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\msxml3a.dll [2010.12.25 00:26:40 | 000,000,000 | ---D | C] -- C:\Users\Leomuck\AppData\Local\OOrganizer beta1 [2010.12.25 00:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend [2010.12.25 00:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera 11 [2010.12.23 23:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tulox [2010.12.23 23:11:17 | 000,000,000 | ---D | C] -- C:\MediaphorAG [2010.12.21 18:46:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2010.12.19 10:08:07 | 000,000,000 | ---D | C] -- C:\Users\Leomuck\AppData\Roaming\Mozilla [2010.12.15 16:48:25 | 000,000,000 | ---D | C] -- D:\Documents\My Games [2010.12.15 16:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3 [2010.12.15 11:33:23 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.12.15 11:33:23 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.12.15 11:33:23 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.12.15 11:33:23 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.12.15 11:33:23 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.12.15 11:33:23 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010.12.15 11:33:23 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2010.12.15 11:33:23 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010.12.15 11:33:21 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.12.15 11:33:21 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.12.15 11:33:21 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.12.15 11:33:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.12.15 11:33:17 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010.12.15 11:33:17 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010.12.15 11:33:15 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.12.15 11:33:04 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.12.15 11:33:03 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.12.15 11:33:02 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.12.15 11:33:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.12.15 11:33:02 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.12.15 11:33:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.12.15 11:33:02 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.12.15 11:33:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.12.15 11:33:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.12.15 11:33:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.12.15 11:33:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.12.15 11:33:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.12.15 11:33:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.12.15 11:33:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.12.13 10:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2010.12.13 09:32:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\sysnfxo [2010.12.13 09:32:54 | 000,000,000 | ---D | C] -- C:\Users\Leomuck\AppData\Local\Ocster Backup [2010.12.13 09:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ocster Backup [2010.12.11 19:27:50 | 000,000,000 | ---D | C] -- D:\Documents\Gutscheine [2010.12.10 17:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blizzard [2010.12.10 16:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2010.12.05 15:36:21 | 000,000,000 | ---D | C] -- D:\Documents\My Streaming Media [2010.12.05 15:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZD Soft [2010.12.05 15:14:14 | 000,000,000 | ---D | C] -- C:\Users\Leomuck\AppData\Local\TechSmith [2010.12.05 15:14:06 | 000,000,000 | ---D | C] -- D:\Documents\Camtasia Studio [2010.12.02 15:27:11 | 000,000,000 | ---D | C] -- D:\Documents\Test Drive Unlimited [2010.12.02 14:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abloadtool [2010.12.02 10:38:59 | 000,000,000 | ---D | C] -- D:\Documents\Sansa Media Converter [2010.12.02 10:38:04 | 000,010,368 | ---- | C] (InterVideo, Inc.) -- C:\Windows\SysWow64\iviaspi.sys [2010.12.02 10:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SanDisk [2010.12.02 10:25:36 | 000,000,000 | ---D | C] -- C:\Users\Leomuck\AppData\Roaming\SanDisk [2010.12.01 20:25:58 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.12.01 20:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Test Drive Unlimited [2010.12.01 20:23:32 | 000,000,000 | ---D | C] -- C:\Programme\Atari [2010.12.01 20:21:51 | 000,000,000 | RH-D | C] -- C:\Users\Leomuck\AppData\Roaming\SecuROM [2010.12.01 20:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari [2010.12.01 19:11:17 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.12.01 19:11:04 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.12.01 19:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes ========== Files - Modified Within 30 Days ========== [2010.12.28 11:10:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.28 11:09:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.28 11:09:41 | 2414,379,008 | -HS- | M] () -- C:\hiberfil.sys [2010.12.28 11:09:02 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.28 11:09:02 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.28 11:03:55 | 000,000,926 | ---- | M] () -- C:\Users\Leomuck\Desktop\NTREGOPT.lnk [2010.12.28 11:03:55 | 000,000,907 | ---- | M] () -- C:\Users\Leomuck\Desktop\ERUNT.lnk [2010.12.28 10:52:39 | 000,472,152 | ---- | M] () -- C:\Users\Leomuck\Desktop\Load.exe [2010.12.28 10:25:37 | 000,032,256 | ---- | M] () -- D:\Documents\Traumtagebuch 21.doc [2010.12.28 09:58:07 | 004,899,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.28 09:25:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.25 13:20:52 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.25 13:20:52 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.25 13:20:52 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.25 13:20:52 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.25 13:20:52 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.24 09:43:10 | 000,030,720 | ---- | M] () -- D:\Documents\Traumtagebuch 20.doc [2010.12.23 23:18:39 | 000,001,043 | ---- | M] () -- C:\Users\Leomuck\Desktop\tulox.lnk [2010.12.23 23:04:05 | 000,002,535 | ---- | M] () -- C:\Users\Leomuck\Desktop\Skype.lnk [2010.12.23 12:06:12 | 000,021,550 | ---- | M] () -- C:\Users\Leomuck\.recently-used.xbel [2010.12.21 20:02:16 | 000,992,779 | ---- | M] () -- D:\Documents\Uli Stein Adventskalender.docx [2010.12.21 19:18:19 | 000,139,776 | ---- | M] () -- D:\Documents\*** cover 2.doc [2010.12.21 19:17:40 | 000,139,264 | ---- | M] () -- D:\Documents\*** cover 1.doc [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.19 09:49:35 | 000,029,184 | ---- | M] () -- D:\Documents\Traumtagebuch 19.doc [2010.12.15 17:22:44 | 000,000,258 | ---- | M] () -- C:\Users\Leomuck\Desktop\GameExplorer.lnk [2010.12.15 09:41:02 | 000,001,199 | ---- | M] () -- C:\Users\Leomuck\Desktop\XAMPP.lnk [2010.12.15 09:40:59 | 000,001,143 | ---- | M] () -- C:\Users\Leomuck\Desktop\Videos.lnk [2010.12.15 09:40:55 | 000,001,132 | ---- | M] () -- C:\Users\Leomuck\Desktop\Musik.lnk [2010.12.15 09:40:52 | 000,001,237 | ---- | M] () -- C:\Users\Leomuck\Desktop\Downloads.lnk [2010.12.15 09:40:49 | 000,001,160 | ---- | M] () -- C:\Users\Leomuck\Desktop\Dokumente.lnk [2010.12.15 09:40:44 | 000,001,153 | ---- | M] () -- C:\Users\Leomuck\Desktop\Bilder.lnk [2010.12.14 09:53:43 | 000,032,768 | ---- | M] () -- D:\Documents\Traumtagebuch 18.doc [2010.12.13 16:32:17 | 000,034,816 | ---- | M] () -- D:\Documents\Traumtagebuch 17.doc [2010.12.07 09:28:58 | 000,030,208 | ---- | M] () -- D:\Documents\Traumtagebuch 16.doc [2010.12.04 07:51:17 | 000,026,624 | ---- | M] () -- D:\Documents\Traumtagebuch 15.doc [2010.12.02 11:24:25 | 000,022,016 | ---- | M] () -- D:\Documents\Traumtagebuch 14.doc [2010.12.01 20:25:58 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2010.11.30 09:51:17 | 000,025,088 | ---- | M] () -- D:\Documents\Traumtagebuch 13.doc [2010.11.29 14:00:26 | 000,022,528 | ---- | M] () -- D:\Documents\Fehlerbeschreibung.doc ========== Files Created - No Company Name ========== [2010.12.28 11:03:55 | 000,000,926 | ---- | C] () -- C:\Users\Leomuck\Desktop\NTREGOPT.lnk [2010.12.28 11:03:55 | 000,000,907 | ---- | C] () -- C:\Users\Leomuck\Desktop\ERUNT.lnk [2010.12.28 10:52:38 | 000,472,152 | ---- | C] () -- C:\Users\Leomuck\Desktop\Load.exe [2010.12.25 11:17:00 | 000,032,256 | ---- | C] () -- D:\Documents\Traumtagebuch 21.doc [2010.12.23 23:18:39 | 000,001,043 | ---- | C] () -- C:\Users\Leomuck\Desktop\tulox.lnk [2010.12.23 23:18:38 | 000,198,864 | ---- | C] () -- C:\Windows\SysWow64\Tahoma.ttf [2010.12.23 23:18:38 | 000,195,956 | ---- | C] () -- C:\Windows\SysWow64\Tahomabd.ttf [2010.12.23 23:04:05 | 000,002,535 | ---- | C] () -- C:\Users\Leomuck\Desktop\Skype.lnk [2010.12.23 12:06:12 | 000,021,550 | ---- | C] () -- C:\Users\Leomuck\.recently-used.xbel [2010.12.21 20:02:16 | 000,992,779 | ---- | C] () -- D:\Documents\Uli Stein Adventskalender.docx [2010.12.21 19:18:19 | 000,139,776 | ---- | C] () -- D:\Documents\*** cover 2.doc [2010.12.21 19:17:39 | 000,139,264 | ---- | C] () -- D:\Documents\*** cover 1.doc [2010.12.20 09:23:51 | 000,030,720 | ---- | C] () -- D:\Documents\Traumtagebuch 20.doc [2010.12.15 17:22:44 | 000,000,258 | ---- | C] () -- C:\Users\Leomuck\Desktop\GameExplorer.lnk [2010.12.15 09:44:58 | 000,029,184 | ---- | C] () -- D:\Documents\Traumtagebuch 19.doc [2010.12.15 09:40:59 | 000,001,143 | ---- | C] () -- C:\Users\Leomuck\Desktop\Videos.lnk [2010.12.15 09:40:55 | 000,001,132 | ---- | C] () -- C:\Users\Leomuck\Desktop\Musik.lnk [2010.12.15 09:40:52 | 000,001,237 | ---- | C] () -- C:\Users\Leomuck\Desktop\Downloads.lnk [2010.12.15 09:40:49 | 000,001,160 | ---- | C] () -- C:\Users\Leomuck\Desktop\Dokumente.lnk [2010.12.15 09:40:44 | 000,001,153 | ---- | C] () -- C:\Users\Leomuck\Desktop\Bilder.lnk [2010.12.14 09:41:00 | 000,032,768 | ---- | C] () -- D:\Documents\Traumtagebuch 18.doc [2010.12.08 11:35:26 | 000,034,816 | ---- | C] () -- D:\Documents\Traumtagebuch 17.doc [2010.12.05 08:51:41 | 000,030,208 | ---- | C] () -- D:\Documents\Traumtagebuch 16.doc [2010.12.04 07:51:16 | 000,026,624 | ---- | C] () -- D:\Documents\Traumtagebuch 15.doc [2010.12.02 11:24:23 | 000,022,016 | ---- | C] () -- D:\Documents\Traumtagebuch 14.doc [2010.11.30 09:35:09 | 000,025,088 | ---- | C] () -- D:\Documents\Traumtagebuch 13.doc [2010.11.29 14:00:25 | 000,022,528 | ---- | C] () -- D:\Documents\Fehlerbeschreibung.doc [2010.11.21 10:38:35 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl0.dat [2010.11.21 10:38:19 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll [2010.10.17 12:18:37 | 000,000,020 | ---- | C] () -- C:\Users\Leomuck\AppData\Roaming\ahcgfk.dat [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.07.04 11:37:07 | 000,007,596 | ---- | C] () -- C:\Users\Leomuck\AppData\Local\Resmon.ResmonCfg [2010.07.03 23:16:57 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.07.03 23:16:57 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.06.17 18:20:40 | 000,021,882 | ---- | C] () -- C:\Users\Leomuck\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.06.15 22:04:34 | 000,019,456 | ---- | C] () -- C:\Users\Leomuck\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.11 15:03:44 | 000,017,408 | ---- | C] () -- C:\Users\Leomuck\AppData\Local\WebpageIcons.db [2010.06.10 19:41:16 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll ========== LOP Check ========== [2010.11.07 21:27:18 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Alawar [2010.06.22 12:26:42 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Atari [2010.10.04 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Boolat Games [2010.06.22 10:55:03 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\DAEMON Tools Lite [2010.09.11 13:35:03 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\dBpoweramp [2010.12.16 22:40:04 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.22 14:30:12 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\FileZilla [2010.12.28 01:00:03 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\foobar2000 [2010.12.23 12:06:12 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\gtk-2.0 [2010.12.28 10:27:11 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\ICQ [2010.12.05 15:45:02 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\IrfanView [2010.10.05 19:46:50 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Little Worlds Online [2010.12.26 21:10:40 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\ManyCam [2010.06.12 17:21:45 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Mp3tag [2010.07.21 01:11:45 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Notepad++ [2010.12.25 00:30:24 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Opera [2010.10.04 12:17:32 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\PlayFirst [2010.11.07 11:25:36 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Playrix Entertainment [2010.10.05 10:53:06 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\PoBros [2010.12.02 10:25:36 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\SanDisk [2010.12.27 21:48:07 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Trillian [2010.06.24 17:02:40 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\UNOUndercover [2010.11.15 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\ViquaSoft [2010.10.05 00:20:12 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\World-LooM [2010.11.07 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\YoudaGames [2010.10.05 10:53:05 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Zylom [2010.11.04 20:42:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.09.11 13:27:56 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\AccurateRip [2010.12.23 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Adobe [2010.07.04 01:02:03 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Ahead [2010.11.07 21:27:18 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Alawar [2010.06.22 09:51:28 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Apple Computer [2010.06.22 12:26:42 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Atari [2010.10.04 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Boolat Games [2010.06.22 10:55:03 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\DAEMON Tools Lite [2010.09.11 13:35:03 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\dBpoweramp [2010.08.02 09:21:40 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\dvdcss [2010.12.16 22:40:04 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.22 14:30:12 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\FileZilla [2010.12.28 01:00:03 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\foobar2000 [2010.12.23 12:06:12 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\gtk-2.0 [2010.12.28 10:27:11 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\ICQ [2010.10.05 10:53:05 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Identities [2010.12.05 15:45:02 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\IrfanView [2010.10.05 19:46:50 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Little Worlds Online [2010.06.10 19:40:07 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Macromedia [2010.12.28 10:38:25 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Malwarebytes [2010.12.26 21:10:40 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\ManyCam [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Media Center Programs [2010.10.26 08:12:10 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Media Player Classic [2010.12.05 15:44:52 | 000,000,000 | --SD | M] -- C:\Users\Leomuck\AppData\Roaming\Microsoft [2010.12.19 10:08:08 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Mozilla [2010.06.12 17:21:45 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Mp3tag [2010.07.21 01:11:45 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Notepad++ [2010.12.25 00:30:24 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Opera [2010.10.04 12:17:32 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\PlayFirst [2010.11.07 11:25:36 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Playrix Entertainment [2010.10.05 10:53:06 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\PoBros [2010.12.02 10:25:36 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\SanDisk [2010.12.01 20:21:51 | 000,000,000 | RH-D | M] -- C:\Users\Leomuck\AppData\Roaming\SecuROM [2010.12.28 10:48:10 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Skype [2010.12.28 10:05:01 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\skypePM [2010.12.27 21:48:07 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Trillian [2010.06.24 17:02:40 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\UNOUndercover [2010.11.15 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\ViquaSoft [2010.12.27 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\vlc [2010.06.10 19:06:09 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\WinRAR [2010.10.05 00:20:12 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\World-LooM [2010.11.07 11:14:57 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\YoudaGames [2010.10.05 10:53:05 | 000,000,000 | ---D | M] -- C:\Users\Leomuck\AppData\Roaming\Zylom < %APPDATA%\*.exe /s > [2010.10.01 09:47:05 | 000,010,134 | R--- | M] () -- C:\Users\Leomuck\AppData\Roaming\Microsoft\Installer\{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}\ARPPRODUCTICON.exe [2010.10.01 09:47:05 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Leomuck\AppData\Roaming\Microsoft\Installer\{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}\NewShortcut21_65EFA0CB403943C5A40BFD2784C7E05E.exe [2010.10.01 09:47:05 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Leomuck\AppData\Roaming\Microsoft\Installer\{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}\NewShortcut2_65EFA0CB403943C5A40BFD2784C7E05E.exe [2010.12.01 20:20:23 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Leomuck\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe [2010.12.02 10:31:59 | 097,927,710 | ---- | M] (InterVideo Inc. ) -- C:\Users\Leomuck\AppData\Roaming\SanDisk\Sansa Updater\Sansa Media Converter.EXE [2010.12.14 13:32:26 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Leomuck\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2010.12.14 14:56:15 | 000,582,536 | ---- | M] (SanDisk Corporation) -- C:\Users\Leomuck\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe [2010.12.02 10:25:53 | 000,354,744 | ---- | M] (SanDisk Corporation) -- C:\Users\Leomuck\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:59286A3A @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:F1175E1D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DF0BC727 < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.12.2010 11:17:34 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Public\Desktop\MFtools
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 68,26 Gb Total Space | 9,30 Gb Free Space | 13,62% Space Free | Partition Type: NTFS
Drive D: | 164,52 Gb Total Space | 18,22 Gb Free Space | 11,08% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: Leomuck | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera 11\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera 11\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-64241907-263897044-3531913950-1000\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera 11\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera 11\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera 11\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera 11\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera 11\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B23E5AD-23E2-45C8-A24C-97D3A23FB6EE}" = Carcassonne CE
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{91140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Ultra Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"Abloadtool" = Abloadtool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudibleManager" = AudibleManager
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast!" = avast! Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.0.3
"GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Monopoly Deluxe" = Monopoly Deluxe
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mp3tag" = Mp3tag v2.47a
"Notepad++" = Notepad++
"Office14.STANDARDR" = Microsoft Office Standard 2010
"OpenAL" = OpenAL
"Opera 11.00.1156" = Opera 11.00
"SopCast" = SopCast 3.2.9
"Steam App 10" = Counter-Strike
"Steam App 12900" = Audiosurf
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 400" = Portal
"Steam App 80" = Counter-Strike: Condition Zero
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"Trillian" = Trillian
"tulox" = tulox
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.5
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-64241907-263897044-3531913950-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"dotoo" = dotoo
"FileZilla Client" = FileZilla Client 3.3.4.1
"OOrganizer beta1" = OOrganizer beta1
"Sansa Updater" = Sansa Updater
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 23.10.2010 05:46:06 | Computer Name = *** | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.
Error - 26.10.2010 02:43:04 | Computer Name = *** | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
hxxp://download.computerbild.de/downloads/9eee5b4670a65e1761f47efd8fd133e7/4cc67851/1800422/cb_notfall-cd.iso
failed, 00000084.
Error - 26.10.2010 02:47:12 | Computer Name = *** | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
hxxp://switch.dl.sourceforge.net/project/insert/insert/insert-1.3.9b/INSERT-1.3.9b_en.iso
failed, 0000001E.
Error - 26.10.2010 02:48:39 | Computer Name = *** | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
hxxp://heanet.dl.sourceforge.net/project/systemrescuecd/sysresccd-x86/1.6.2/systemrescuecd-x86-1.6.2.iso
failed, 00000084.
Error - 26.10.2010 02:50:54 | Computer Name = *** | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
hxxp://rm.mirror.garr.it/mirrors/trk/trinity-rescue-kit.3.4-build-367.iso failed,
00000084.
Error - 26.10.2010 03:07:08 | Computer Name = *** | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
hxxp://ftp.knoppix.nl/os/Linux/distr/knoppix/ADRIANE-KNOPPIX_V6.2.1CD-2010-01-31-DE.iso
failed, 00000084.
Error - 27.12.2010 13:29:02 | Computer Name = *** | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/fwod08.iso failed, 0000001E.
[ Application Events ]
Error - 27.12.2010 09:32:17 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
Zeitstempel: 0x4ba9b802 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6df2
ID
des fehlerhaften Prozesses: 0x588 Startzeit der fehlerhaften Anwendung: 0x01cba5a41d47837d
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: b89865f8-11bd-11e0-9971-001c23b62a77
Error - 27.12.2010 09:36:00 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
Zeitstempel: 0x4ba9b802 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c6df2
ID
des fehlerhaften Prozesses: 0xfd0 Startzeit der fehlerhaften Anwendung: 0x01cba5ca7d34fd26
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 3d3e5906-11be-11e0-9971-001c23b62a77
Error - 27.12.2010 09:47:01 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
Zeitstempel: 0x4ba9b802 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000051c30
ID
des fehlerhaften Prozesses: 0x1bc Startzeit der fehlerhaften Anwendung: 0x01cba5cb035bb20a
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c7ccd458-11bf-11e0-9971-001c23b62a77
Error - 27.12.2010 10:08:54 | Computer Name = *** | Source = MsiInstaller | ID = 11311
Description =
Error - 27.12.2010 16:04:34 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\SoftonicDownloader_fuer_foxit-pdf-reader.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 27.12.2010 21:41:12 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 28.12.2010 05:39:21 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lsass.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc155 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
Zeitstempel: 0x4ba9b802 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001ad1a
ID
des fehlerhaften Prozesses: 0x238 Startzeit der fehlerhaften Anwendung: 0x01cba66d3d2d8cf8
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\lsass.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 586b59ce-1266-11e0-8f36-001c23b62a77
Error - 28.12.2010 05:39:22 | Computer Name = *** | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess C:\Windows\system32\lsass.exe ist fehlgeschlagen
mit den Statuscode 255. Der Computer muss neu gestartet werden.
Error - 28.12.2010 05:39:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lsm.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bce9c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
Zeitstempel: 0x4ba9b802 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001ad1a
ID
des fehlerhaften Prozesses: 0x240 Startzeit der fehlerhaften Anwendung: 0x01cba66d3d2d8cf8
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\lsm.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 62b8ce7d-1266-11e0-8f36-001c23b62a77
Error - 28.12.2010 05:39:38 | Computer Name = *** | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess C:\Windows\system32\lsm.exe ist fehlgeschlagen
mit den Statuscode 255. Der Computer muss neu gestartet werden.
[ System Events ]
Error - 04.09.2010 08:53:21 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
Files (x86)\GalaxyGames\PangYa_Eu\GameGuard\dump nicht geladen. Wenden Sie sich
an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error - 04.09.2010 08:53:23 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 10.09.2010 09:58:04 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?09.?2010 um 13:19:51 unerwartet heruntergefahren.
Error - 16.09.2010 09:27:41 | Computer Name = *** | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 16.09.2010 09:27:42 | Computer Name = *** | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 16.09.2010 09:27:42 | Computer Name = *** | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 19.09.2010 03:46:17 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 02.10.2010 04:37:38 | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 02.10.2010 04:37:55 | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 02.10.2010 04:38:55 | Computer Name = *** | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
< End of report >
Liebe Grüße, Leomuck Geändert von Leomuck (28.12.2010 um 12:10 Uhr) |
| Themen zu "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\" |
| 4d36e972-e325-11ce-bfc1-08002be10318, 64-bit, alternate, antivirus, avast, avast!, c:\windows\system32\rundll32.exe, datei, document, download, explorer, extras.txt, firefox.exe, google, home, home premium, ieframe.dll, jdownloader, keine viren, langs, location, logfiles, löschen, media center, microsoft office word, msiinstaller, neu, neustart, ntdll.dll, nvstor.sys, oldtimer, opera, opera.exe, ordner, otl.exe, otl.txt, plug-in, problem, probleme, programdata, programme, registry, richtlinie, saver, scan, searchplugins, seite, sptd.sys, super, systemwiederherstellung, systemwiederherstellung gemacht, syswow64, taskleiste, temp, vlc media player, webcheck, win32, win32:trojan-gen, windows, windows 7 home, windows 7 home premium, windows explorer, wrapper |
Baum-Darstellung