
Log analysis and evaluation: Problem with CTV****.exe malware/worm

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.07.2010, 04:05   #1
Kenan
 
Problem with CTV****.exe malware/worm



Hello everyone,

since yesterday evening I have been having problems with popups from avast! showing a malware alert in the Temp folder.
The name of the .exe is always of the form CTV****.exe, where the **** stand for numbers.
Even after an intensive scan, the problem does not seem to be fixed, which is why I am now turning to you.

As per the instructions, I am attaching the reports from Malwarebytes' Anti-Malware and OTL. I have already run CCleaner.


Code:
Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4339

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.07.2010 04:43:50
mbam-log-2010-07-23 (04-43-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129821
Laufzeit: 5 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Code:
OTL logfile created on: 23.07.2010 04:46:40 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = E:\Users\****\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): e:\pagefile.sys 6141 6141 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 10,48 Gb Free Space | 35,77% Space Free | Partition Type: NTFS
Drive D: | 170,51 Gb Total Space | 118,70 Gb Free Space | 69,62% Space Free | Partition Type: NTFS
Drive E: | 396,37 Gb Total Space | 71,21 Gb Free Space | 17,96% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEST-PC
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - E:\Users\****\Desktop\0.8075334254641203.exe File not found
PRC - E:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Opera\opera.exe (Opera Software)
PRC - D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - E:\NM Monitor\nmmonitor.exe ()
PRC - D:\Avast4\ashDisp.exe (ALWIL Software)
PRC - D:\Avast4\ashServ.exe (ALWIL Software)
PRC - D:\Avast4\ashWebSv.exe (ALWIL Software)
PRC - D:\Avast4\ashSimpl.exe (ALWIL Software)
PRC - D:\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - D:\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - E:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV:64bit: - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV:64bit: - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- D:\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- D:\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- D:\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- D:\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (NMSAccessU) -- D:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfsync02.sys File not found
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys File not found
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys File not found
DRV:64bit: - (hwinterface) -- C:\Windows\SysNative\Drivers\hwinterface.sys File not found
DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL File not found
DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL File not found
DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL File not found
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (hidusbf) -- C:\Windows\SysNative\drivers\hidusbf.sys (SweetLow)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SPC1330) USB2.0 PC Camera (SPC1330) -- C:\Windows\SysNative\drivers\spc1330.sys ()
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (phaudlwr) -- C:\Windows\SysNative\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.)
DRV - (hwinterface) -- C:\Windows\SysWOW64\drivers\hwinterface.sys (Buzz)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 95 63 43 DA AC CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "h**p://tv.esl.eu/de/"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.05.29 00:59:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: D:\Mozilla Firefox\components [2010.07.22 18:40:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.07.22 18:40:52 | 000,000,000 | ---D | M]
 
[2010.05.24 21:12:59 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.05.24 21:12:59 | 000,000,000 | ---D | M] (No name found) -- E:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.10 14:37:52 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\qbn47nrx.default\extensions
 
O1 HOSTS File: ([2010.07.23 03:03:53 | 000,414,814 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1	w*w.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	w*w.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	w*w.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	w*w.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	w*w.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	w*w.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	w*w.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	w*w.100888290cs.com
O1 - Hosts: 127.0.0.1	w*w.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	w*w.10sek.com
O1 - Hosts: 127.0.0.1	w*w.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14321 more lines...
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg]  File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [avast!] D:\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] D:\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [NM Monitor] E:\NM Monitor\nmmonitor.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} h**p://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} h**p://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30caa2d8-67e8-11df-a4ab-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{30caa2d8-67e8-11df-a4ab-00ff01000001}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{336ec7f0-d6aa-11de-be90-00241dd5f11a}\Shell - "" = AutoRun
O33 - MountPoints2\{336ec7f0-d6aa-11de-be90-00241dd5f11a}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O33 - MountPoints2\{e53743bf-d57a-11de-8cdf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e53743bf-d57a-11de-8cdf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.23 04:37:58 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Roaming\Malwarebytes
[2010.07.23 04:37:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.23 04:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.23 04:37:49 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.23 04:36:28 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- E:\Users\****\Desktop\mbam-setup.exe
[2010.07.23 04:36:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- E:\Users\****\Desktop\OTL.exe
[2010.07.23 03:26:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.23 03:12:12 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Local\Sunbelt Software
[2010.07.23 03:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.07.23 03:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.07.23 02:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.20 23:54:12 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Roaming\foobar2000
[2010.07.18 01:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.07.18 01:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010.07.18 01:54:38 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.07.18 01:54:05 | 000,000,000 | ---D | C] -- C:\ATI
[2010.07.17 23:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.07.17 00:15:15 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2010.07.17 00:08:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2010.07.14 12:00:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.07.13 14:08:29 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\Immersion
[2010.07.12 01:33:25 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Roaming\vlc
[2010.07.11 23:51:50 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\oggy
[2010.07.11 23:38:19 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\Biber
[2010.07.09 19:39:50 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\n!takken
[2010.06.29 20:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.06.26 17:58:33 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\Anne
[2010.06.23 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.06.23 16:00:46 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.06.23 16:00:46 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.06.23 16:00:46 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.06.23 16:00:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.06.23 16:00:46 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.06.23 16:00:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.06.23 16:00:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.06.23 16:00:46 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.06.23 16:00:39 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.06.23 16:00:38 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.06.23 16:00:38 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.06.23 16:00:38 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.06.23 16:00:37 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.06.23 16:00:37 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.06.23 16:00:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.06.23 16:00:37 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009.07.14 01:30:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.23 04:49:32 | 007,340,032 | -HS- | M] () -- E:\Users\****\NTUSER.DAT
[2010.07.23 04:42:31 | 000,000,082 | ---- | M] () -- E:\Users\****\Documents\cc_20100723_044230.reg
[2010.07.23 04:41:42 | 000,008,094 | ---- | M] () -- E:\Users\****\Documents\cc_20100723_044139.reg
[2010.07.23 04:36:31 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- E:\Users\****\Desktop\mbam-setup.exe
[2010.07.23 04:36:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Users\****\Desktop\OTL.exe
[2010.07.23 03:47:41 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.23 03:47:41 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.23 03:47:41 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.23 03:47:41 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.23 03:47:41 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.23 03:46:53 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 03:46:53 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 03:42:16 | 000,002,996 | ---- | M] (Buzz) -- C:\Windows\SysWow64\drivers\hwinterface.sys
[2010.07.23 03:41:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.23 03:41:33 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.23 03:41:06 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.23 03:41:06 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.23 03:41:06 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.23 03:40:59 | 004,108,618 | -H-- | M] () -- E:\Users\****\AppData\Local\IconCache.db
[2010.07.23 03:24:48 | 000,000,004 | -H-- | M] () -- C:\aaw7boot.cmd
[2010.07.23 03:22:37 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.23 03:03:53 | 000,414,814 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.20 03:32:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.20 03:32:13 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.07.20 03:32:13 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010.07.17 23:51:31 | 000,065,208 | ---- | M] () -- E:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.17 23:51:05 | 005,016,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.07.17 23:02:57 | 000,002,166 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230256.reg
[2010.07.17 23:02:48 | 000,001,572 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230246.reg
[2010.07.17 23:02:39 | 000,002,848 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230237.reg
[2010.07.17 23:02:31 | 000,016,626 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230228.reg
[2010.07.17 23:00:24 | 000,000,029 | ---- | M] () -- C:\Windows\sfbm.INI
[2010.07.17 00:07:50 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.07.16 23:45:08 | 000,001,836 | ---- | M] () -- E:\Users\****\Documents\cc_20100716_234505.reg
[2010.07.16 23:33:58 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2010.07.16 23:33:57 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2010.07.16 23:33:57 | 000,171,136 | RHS- | M] () -- C:\xeldr
[2010.07.14 20:40:47 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.07.14 20:40:47 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.07.12 01:31:40 | 000,015,738 | ---- | M] () -- E:\Users\****\Documents\cc_20100712_013138.reg
[2010.07.12 01:31:31 | 000,040,898 | ---- | M] () -- E:\Users\****\Documents\cc_20100712_013128.reg
[2010.07.04 22:42:02 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2010.07.04 19:50:55 | 209,736,827 | ---- | M] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_167_H264.mp4
[2010.07.04 16:47:29 | 000,007,808 | ---- | M] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys
[2010.06.29 20:57:53 | 209,541,232 | ---- | M] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_166_H264.mp4
[2010.06.26 21:55:24 | 000,005,142 | ---- | M] () -- E:\Users\****\Documents\cc_20100626_215519.reg
[2010.06.24 00:12:04 | 000,003,636 | ---- | M] () -- E:\Users\****\Documents\cc_20100624_001200.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.23 04:42:31 | 000,000,082 | ---- | C] () -- E:\Users\****\Documents\cc_20100723_044230.reg
[2010.07.23 04:41:41 | 000,008,094 | ---- | C] () -- E:\Users\****\Documents\cc_20100723_044139.reg
[2010.07.23 03:22:31 | 000,000,004 | -H-- | C] () -- C:\aaw7boot.cmd
[2010.07.23 03:12:24 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.17 23:08:04 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.07.17 23:08:04 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2010.07.17 23:02:56 | 000,002,166 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230256.reg
[2010.07.17 23:02:47 | 000,001,572 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230246.reg
[2010.07.17 23:02:38 | 000,002,848 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230237.reg
[2010.07.17 23:02:29 | 000,016,626 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230228.reg
[2010.07.17 23:00:24 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.07.17 00:08:29 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.17 00:08:29 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.16 23:45:07 | 000,001,836 | ---- | C] () -- E:\Users\****\Documents\cc_20100716_234505.reg
[2010.07.16 23:33:58 | 000,008,192 | ---- | C] () -- C:\bootsect.lxe.bak
[2010.07.16 23:33:57 | 000,383,592 | RHS- | C] () -- C:\gdrop
[2010.07.16 23:33:57 | 000,171,136 | RHS- | C] () -- C:\xeldr
[2010.07.14 20:40:47 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.07.14 20:40:47 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.07.12 01:31:39 | 000,015,738 | ---- | C] () -- E:\Users\****\Documents\cc_20100712_013138.reg
[2010.07.12 01:31:29 | 000,040,898 | ---- | C] () -- E:\Users\****\Documents\cc_20100712_013128.reg
[2010.07.05 22:59:42 | 209,541,232 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_166_H264.mp4
[2010.07.05 22:57:05 | 209,736,827 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_167_H264.mp4
[2010.06.28 22:20:32 | 209,205,255 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_165_H264.mp4
[2010.06.28 22:20:28 | 209,711,157 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_164_H264.mp4
[2010.06.28 22:20:24 | 209,296,956 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_163_H264.mp4
[2010.06.28 22:20:06 | 209,326,072 | ---- | C] () -- E:\Users\****\Desktop\[BNFs]Naruto_Shippuuden_162_H264.mp4
[2010.06.26 21:55:23 | 000,005,142 | ---- | C] () -- E:\Users\****\Documents\cc_20100626_215519.reg
[2010.06.24 00:12:02 | 000,003,636 | ---- | C] () -- E:\Users\****\Documents\cc_20100624_001200.reg
[2010.06.23 18:31:31 | 000,013,008 | ---- | C] () -- C:\Windows\SysNative\drivers\pstrip64.sys
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.01.12 20:14:21 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.01.12 20:14:21 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.01.12 20:14:03 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.12.30 16:05:36 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini
[2009.12.07 18:18:20 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.12.05 11:37:34 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.20 20:19:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.11.20 20:19:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.20 20:19:35 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009.11.20 20:19:35 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.11.20 20:19:35 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.11.20 20:19:34 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.11.20 20:19:34 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009.07.14 02:14:20 | 000,027,839 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.07.14 02:14:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 01:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.05.26 13:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008.06.17 11:04:00 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\Dll_Volume_Ctrl.dll
[2006.05.19 04:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\spc1330.ini
[2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini
[1998.07.06 00:00:00 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\MSCC2DE.DLL
 
========== LOP Check ==========
 
[2010.03.13 20:16:03 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Ace Mobile Software
[2009.12.17 21:59:51 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Apowersoft
[2009.12.20 23:36:10 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Auslogics
[2010.01.20 17:25:21 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Bioshock
[2010.06.05 13:39:18 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Bioshock2
[2009.12.05 11:39:15 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Canneverbe_Limited
[2009.12.29 20:10:19 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\CPUControl
[2009.11.21 19:13:12 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2010.03.21 17:59:24 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\FileZilla
[2010.07.22 15:55:16 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\foobar2000
[2010.01.17 21:20:51 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\GrabPro
[2010.07.18 21:15:26 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\HLSW
[2010.07.23 01:25:58 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Mumble
[2009.11.28 23:50:33 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Octoshape
[2010.02.05 22:50:18 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\ooVoo Details
[2009.12.17 23:09:46 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\OpenOffice.org
[2009.11.19 21:40:17 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Opera
[2010.01.25 19:08:59 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Orbit
[2010.02.14 01:34:16 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\pokerth
[2010.01.23 21:17:05 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Publish Providers
[2010.06.05 20:26:07 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\QIP
[2010.01.24 15:49:56 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Sony
[2010.01.24 16:11:05 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\TeamViewer
[2010.05.24 21:12:58 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Thunderbird
[2010.07.15 20:29:49 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\TS3Client
[2010.05.07 23:17:40 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Ubisoft
[2010.03.13 20:21:45 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\uTorrent
[2009.11.20 01:13:09 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Win7codecs
[2010.02.06 20:29:52 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Windows Home Server
[2010.07.23 03:22:37 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.05.17 11:22:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >
         

Code:
OTL Extras logfile created on: 23.07.2010 04:46:40 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = E:\Users\****\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): e:\pagefile.sys 6141 6141 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 10,48 Gb Free Space | 35,77% Space Free | Partition Type: NTFS
Drive D: | 170,51 Gb Total Space | 118,70 Gb Free Space | 69,62% Space Free | Partition Type: NTFS
Drive E: | 396,37 Gb Total Space | 71,21 Gb Free Space | 17,96% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEST-PC
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- D:\Opera\Opera.exe (Opera Software)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- D:\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "D:\Opera\opera.exe" (Opera Software)
https [open] -- "D:\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "D:\Opera\opera.exe" (Opera Software)
https [open] -- "D:\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.6.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A532864-065D-4369-A548-DFF207C2C713}" = QIP 2010 3397 Jeak-Edition
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40725C90-77E5-4036-B9CA-F66E3FED609A}" = Philips SPC 1330NC Webcam Driver
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6647EE24-8605-4A5D-AD3B-62DD877FBA3F}" = Aequitas File Checker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73877A89-A11E-43D6-9A15-A77FF0F48C8F}" = AMD GPU Clock Tool
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro
"{7AB86D35-DF3B-407F-B43E-468345DABF29}" = SL-6555-SBK
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2354269-C89A-4323-B80F-B0DD65FBA5EB}" = WinExit-Pro
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"avast!" = avast! Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Creative Volume Panel" = Lautstärkefenster
"Diagnostics 4_5" = Creative-Diagnose
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Electronic Sports League GUI2.11.2" = Electronic Sports League GUI
"FileZilla Client" = FileZilla Client 3.3.0.1
"foobar2000" = foobar2000 v1.0.3
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.2
"Hamachi" = Hamachi 1.0.1.5
"HD Tune_is1" = HD Tune 2.55
"HLSW_is1" = HLSW v1.3.3.7b
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Mumble" = Mumble and Murmur
"OpenAL" = OpenAL
"PokerTH 0.7.1" = PokerTH
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"StarCraft II Beta" = StarCraft II Beta
"Steam App 240" = Counter-Strike: Source
"THX_Console_Unicode" = THX-Einrichtungskonsole
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.0
"VTFEdit_is1" = VTFEdit 1.2.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"QIP 2005" = QIP 2005 8095
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.07.2010 14:38:15 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 19.07.2010 22:15:40 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 19.07.2010 23:14:02 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.07.2010 07:38:56 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.07.2010 15:13:05 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.07.2010 22:56:28 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 21.07.2010 07:04:39 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 21.07.2010 11:21:23 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 22.07.2010 14:58:41 | Computer Name = test-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c354523  Name des fehlerhaften Moduls: capture32.dll, Version: 0.0.0.0, Zeitstempel:
 0x4b01571f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000fd54  ID des fehlerhaften Prozesses:
 0x1078  Startzeit der fehlerhaften Anwendung: 0x01cb29c5d4127742  Pfad der fehlerhaften
 Anwendung: d:\steam\steamapps\zok0\counter-strike source\hl2.exe  Pfad des fehlerhaften
 Moduls: E:\Users\****\AppData\Local\ESL Wire Game Client\aequitas\capture32.dll
Berichtskennung:
 24634760-95c3-11df-ba5c-00ff01000001
 
Error - 22.07.2010 21:12:06 | Computer Name = test-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
[ System Events ]
Error - 17.02.2010 10:29:58 | Computer Name = test-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hwinterface" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 18.02.2010 08:22:52 | Computer Name = test-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.02.2010 08:23:11 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist 
vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden
 Fehlers nicht gestartet wurde:   %%1058
 
Error - 18.02.2010 08:23:39 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   hwinterface
 
Error - 18.02.2010 17:24:36 | Computer Name = test-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.02.2010 17:24:58 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist 
vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden
 Fehlers nicht gestartet wurde:   %%1058
 
Error - 18.02.2010 17:25:25 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   hwinterface
 
Error - 19.02.2010 07:43:20 | Computer Name = test-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 19.02.2010 07:43:38 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist 
vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden
 Fehlers nicht gestartet wurde:   %%1058
 
Error - 19.02.2010 07:44:06 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   hwinterface
 
 
< End of report >
         

Thanks in advance for the help!

Last edited by Kenan (23.07.2010 at 04:26)

23.07.2010, 14:10   #2
Larusso
/// Selecta Jahrusso

Quote:
Adobe Creative Suite 5 Master Collection
Bought software costing about $2,500?

Quote:
O1 - Hosts: 127.0.0.1 activate.adobe.com
That tells me exactly the opposite.

Any explanation for this?

23.07.2010, 14:16   #3
Kenan

I didn't set up the PC myself; I merely took it over from a friend.
I don't use Adobe programs at all, because I'm not familiar with them and I know
that you need professional training to use them to an extent that makes the purchase worthwhile.

If you tell me how to remove the program completely, I'll do that.

Still, it's a mystery to me what a non-genuine copy of a design program has to do with my problems.

23.07.2010, 14:32   #4
Larusso
/// Selecta Jahrusso

Because, first, I don't help once I find illegal software.
Second, cracks are usually mildly infected.

I can believe the story about the friend, or not.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators


23.07.2010, 14:37   #5
Kenan

Right, it's your decision whether you want to help me or not.
If you wish, I'll uninstall it and run all the scans again so that you see a "clean" system this evening.

I couldn't care less about the Adobe suite; I just want my computer to be "healthy" again so that I can use online banking again and make my pending transfers.

I have now uninstalled the suite and deleted the active host.
Anything else I should uninstall?


23.07.2010, 15:00   #6
Larusso
/// Selecta Jahrusso

Right reaction.
There are some others who totally flip out at that point ^^

Please download Load.exe.

The tool needs an active Internet connection, but no open browser.
If your firewall complains, please allow the application.
  • Save the file to the desktop.
  • Double-click load.exe.
  • Leave the check marks as they are.
  • Now close all open programs.
  • Click Download.
  • Please do not click in the window during the download.
  • Follow the on-screen instructions.
  • When the Status window pops up, click Start.

After the restart you will find a folder MFTools on the desktop. It contains an Anleitung.pdf.
Please open it and work through the steps described in it.

23.07.2010, 15:42   #7
Kenan

I carried out all the steps according to the instructions,
but after OTL finished the scan, no extras.txt was generated, only the OTL.txt.

First, here is the MBAM.txt

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4340

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.07.2010 16:31:30
mbam-log-2010-07-23 (16-31-30).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129314
Laufzeit: 2 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

and here is the OTL.txt

Code:
OTL logfile created on: 23.07.2010 16:37:31 - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = E:\Users\David\Desktop\MFTools
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): e:\pagefile.sys 6141 6141 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 11,85 Gb Free Space | 40,44% Space Free | Partition Type: NTFS
Drive D: | 170,51 Gb Total Space | 121,70 Gb Free Space | 71,38% Space Free | Partition Type: NTFS
Drive E: | 396,37 Gb Total Space | 71,43 Gb Free Space | 18,02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEST-PC
Current User Name: David
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - E:\Users\David\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - E:\NM Monitor\nmmonitor.exe ()
PRC - D:\Avast4\ashDisp.exe (ALWIL Software)
PRC - D:\Avast4\ashServ.exe (ALWIL Software)
PRC - D:\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - D:\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - E:\Users\David\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Internet Explorer\ieproxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\StructuredQuery.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\slc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\SearchFolder.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV:64bit: - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV:64bit: - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- D:\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- D:\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- D:\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- D:\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (NMSAccessU) -- D:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfsync02.sys File not found
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys File not found
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys File not found
DRV:64bit: - (hwinterface) -- C:\Windows\SysNative\Drivers\hwinterface.sys File not found
DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL File not found
DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL File not found
DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL File not found
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (hidusbf) -- C:\Windows\SysNative\drivers\hidusbf.sys (SweetLow)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SPC1330) USB2.0 PC Camera (SPC1330) -- C:\Windows\SysNative\drivers\spc1330.sys ()
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (phaudlwr) -- C:\Windows\SysNative\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.)
DRV - (hwinterface) -- C:\Windows\SysWOW64\drivers\hwinterface.sys (Buzz)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 95 63 43 DA AC CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://tv.esl.eu/de/"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: D:\Mozilla Firefox\components [2010.07.22 18:40:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.07.23 15:49:31 | 000,000,000 | ---D | M]
 
[2010.05.24 21:12:59 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\mozilla\Extensions
[2010.05.24 21:12:59 | 000,000,000 | ---D | M] (No name found) -- E:\Users\David\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.10 14:37:52 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\qbn47nrx.default\extensions
 
O1 HOSTS File: ([2010.07.23 15:56:58 | 000,414,784 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 14320 more lines...
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg]  File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [avast!] D:\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] D:\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [NM Monitor] E:\NM Monitor\nmmonitor.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30caa2d8-67e8-11df-a4ab-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{30caa2d8-67e8-11df-a4ab-00ff01000001}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{336ec7f0-d6aa-11de-be90-00241dd5f11a}\Shell - "" = AutoRun
O33 - MountPoints2\{336ec7f0-d6aa-11de-be90-00241dd5f11a}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O33 - MountPoints2\{e53743bf-d57a-11de-8cdf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e53743bf-d57a-11de-8cdf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.23 16:28:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.23 16:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010.07.23 16:25:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.23 16:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.23 16:18:55 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\MFTools
[2010.07.23 04:37:58 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\Malwarebytes
[2010.07.23 04:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.23 04:37:49 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.23 03:12:12 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Local\Sunbelt Software
[2010.07.23 03:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.07.23 03:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.07.23 02:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.20 23:54:12 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\foobar2000
[2010.07.18 01:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.07.18 01:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010.07.18 01:54:38 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.07.18 01:54:05 | 000,000,000 | ---D | C] -- C:\ATI
[2010.07.17 23:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.07.17 00:08:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2010.07.13 14:08:29 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\Immersion
[2010.07.12 01:33:25 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\vlc
[2010.07.11 23:51:50 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\oggy
[2010.07.11 23:38:19 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\Biber
[2010.07.09 19:39:50 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\n!takken
[2010.06.29 20:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.06.26 17:58:33 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\Anne
[2010.06.23 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.06.21 16:17:08 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\China
[2010.06.20 02:08:18 | 000,000,000 | ---D | C] -- E:\Users\David\Documents\My Library
[2010.06.20 02:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\L&H
[2010.06.17 20:34:07 | 000,000,000 | ---D | C] -- E:\Users\David\Desktop\Portable_Quake_III_sh
[2010.06.17 20:27:11 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010.06.17 19:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[2010.06.13 20:49:08 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Local\Zattoo
[2010.06.08 18:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2010.06.08 18:51:15 | 000,000,000 | ---D | C] -- E:\Users\David\temp
[2010.06.05 20:26:07 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\QIP
[2010.05.31 15:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.05.28 21:31:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.05.28 21:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.05.27 19:18:48 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.05.25 12:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010.05.24 21:12:56 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\Thunderbird
[2010.05.24 21:12:56 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Local\Thunderbird
[2010.05.22 14:15:54 | 000,000,000 | ---D | C] -- E:\Users\David\Documents\StarCraft II Beta
[2010.05.22 14:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.05.17 15:40:58 | 000,021,832 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2010.05.07 23:17:40 | 000,000,000 | ---D | C] -- E:\Users\David\AppData\Roaming\Ubisoft
[2010.05.07 23:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2010.04.30 12:51:39 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.04.30 12:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.04.30 12:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2009.07.14 01:30:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.23 16:37:29 | 007,340,032 | -HS- | M] () -- E:\Users\David\NTUSER.DAT
[2010.07.23 16:28:57 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.23 16:28:57 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.23 16:28:57 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.23 16:28:57 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.23 16:28:57 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.23 16:28:03 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 16:28:03 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 16:27:35 | 000,000,845 | ---- | M] () -- E:\Users\David\Desktop\NTREGOPT.lnk
[2010.07.23 16:27:35 | 000,000,832 | ---- | M] () -- E:\Users\David\Desktop\ERUNT.lnk
[2010.07.23 16:23:22 | 000,002,996 | ---- | M] (Buzz) -- C:\Windows\SysWow64\drivers\hwinterface.sys
[2010.07.23 16:22:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.23 16:22:43 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.23 16:22:18 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.23 16:22:18 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.23 16:22:18 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.23 16:22:09 | 004,123,496 | -H-- | M] () -- E:\Users\David\AppData\Local\IconCache.db
[2010.07.23 16:18:08 | 000,410,680 | ---- | M] () -- E:\Users\David\Desktop\Load.exe
[2010.07.23 15:56:58 | 000,414,784 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.23 04:42:31 | 000,000,082 | ---- | M] () -- E:\Users\David\Documents\cc_20100723_044230.reg
[2010.07.23 04:41:42 | 000,008,094 | ---- | M] () -- E:\Users\David\Documents\cc_20100723_044139.reg
[2010.07.23 03:24:48 | 000,000,004 | -H-- | M] () -- C:\aaw7boot.cmd
[2010.07.23 03:22:37 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.20 03:32:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.20 03:32:13 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.07.20 03:32:13 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010.07.17 23:51:31 | 000,065,208 | ---- | M] () -- E:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.17 23:51:05 | 005,016,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.07.17 23:02:57 | 000,002,166 | ---- | M] () -- E:\Users\David\Documents\cc_20100717_230256.reg
[2010.07.17 23:02:48 | 000,001,572 | ---- | M] () -- E:\Users\David\Documents\cc_20100717_230246.reg
[2010.07.17 23:02:39 | 000,002,848 | ---- | M] () -- E:\Users\David\Documents\cc_20100717_230237.reg
[2010.07.17 23:02:31 | 000,016,626 | ---- | M] () -- E:\Users\David\Documents\cc_20100717_230228.reg
[2010.07.17 23:00:24 | 000,000,029 | ---- | M] () -- C:\Windows\sfbm.INI
[2010.07.17 00:07:50 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.07.16 23:45:08 | 000,001,836 | ---- | M] () -- E:\Users\David\Documents\cc_20100716_234505.reg
[2010.07.16 23:33:58 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2010.07.16 23:33:57 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2010.07.16 23:33:57 | 000,171,136 | RHS- | M] () -- C:\xeldr
[2010.07.14 20:40:47 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.07.14 20:40:47 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.07.12 01:31:40 | 000,015,738 | ---- | M] () -- E:\Users\David\Documents\cc_20100712_013138.reg
[2010.07.12 01:31:31 | 000,040,898 | ---- | M] () -- E:\Users\David\Documents\cc_20100712_013128.reg
[2010.07.04 22:42:02 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2010.07.04 19:50:55 | 209,736,827 | ---- | M] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_167_H264.mp4
[2010.07.04 16:47:29 | 000,007,808 | ---- | M] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys
[2010.06.29 20:57:53 | 209,541,232 | ---- | M] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_166_H264.mp4
[2010.06.26 21:55:24 | 000,005,142 | ---- | M] () -- E:\Users\David\Documents\cc_20100626_215519.reg
[2010.06.24 00:12:04 | 000,003,636 | ---- | M] () -- E:\Users\David\Documents\cc_20100624_001200.reg
[2010.06.22 19:39:12 | 209,205,255 | ---- | M] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_165_H264.mp4
[2010.06.19 16:11:51 | 000,214,720 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.06.17 23:41:15 | 000,000,403 | ---- | M] () -- C:\Windows\win.ini
[2010.06.15 18:49:16 | 209,711,157 | ---- | M] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_164_H264.mp4
[2010.06.13 20:56:16 | 000,019,456 | ---- | M] () -- E:\Users\David\AppData\Local\WebpageIcons.db
[2010.06.06 15:30:27 | 209,296,956 | ---- | M] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_163_H264.mp4
[2010.06.05 20:15:02 | 000,006,982 | ---- | M] () -- E:\Users\David\Documents\cc_20100605_201458.reg
[2010.05.31 14:57:12 | 000,921,624 | ---- | M] () -- C:\spc1330-001.raw
[2010.05.30 14:49:02 | 209,326,072 | ---- | M] () -- E:\Users\David\Desktop\[BNFs]Naruto_Shippuuden_162_H264.mp4
[2010.05.27 19:47:34 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.05.26 23:59:25 | 000,007,602 | ---- | M] () -- E:\Users\David\AppData\Local\Resmon.ResmonCfg
[2010.05.26 23:53:41 | 000,001,538 | ---- | M] () -- E:\Users\David\Documents\cc_20100526_235340.reg
[2010.05.26 23:53:34 | 000,004,746 | ---- | M] () -- E:\Users\David\Documents\cc_20100526_235332.reg
[2010.05.25 17:15:04 | 000,016,430 | ---- | M] () -- E:\Users\David\Documents\cc_20100525_171501.reg
[2010.05.25 17:14:55 | 000,043,674 | ---- | M] () -- E:\Users\David\Documents\cc_20100525_171452.reg
[2010.05.25 17:13:28 | 000,000,504 | ---- | M] () -- E:\Users\David\Desktop\HLSW.lnk
[2010.05.25 17:13:20 | 000,000,481 | ---- | M] () -- E:\Users\David\Desktop\ESL Wire Gaming Client.lnk
[2010.05.17 15:40:59 | 000,021,832 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\hamachi.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.07.23 16:27:35 | 000,000,845 | ---- | C] () -- E:\Users\David\Desktop\NTREGOPT.lnk
[2010.07.23 16:27:35 | 000,000,832 | ---- | C] () -- E:\Users\David\Desktop\ERUNT.lnk
[2010.07.23 16:18:08 | 000,410,680 | ---- | C] () -- E:\Users\David\Desktop\Load.exe
[2010.07.23 04:42:31 | 000,000,082 | ---- | C] () -- E:\Users\David\Documents\cc_20100723_044230.reg
[2010.07.23 04:41:41 | 000,008,094 | ---- | C] () -- E:\Users\David\Documents\cc_20100723_044139.reg
[2010.07.23 03:22:31 | 000,000,004 | -H-- | C] () -- C:\aaw7boot.cmd
[2010.07.23 03:12:24 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.17 23:08:04 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.07.17 23:08:04 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2010.07.17 23:02:56 | 000,002,166 | ---- | C] () -- E:\Users\David\Documents\cc_20100717_230256.reg
[2010.07.17 23:02:47 | 000,001,572 | ---- | C] () -- E:\Users\David\Documents\cc_20100717_230246.reg
[2010.07.17 23:02:38 | 000,002,848 | ---- | C] () -- E:\Users\David\Documents\cc_20100717_230237.reg
[2010.07.17 23:02:29 | 000,016,626 | ---- | C] () -- E:\Users\David\Documents\cc_20100717_230228.reg
[2010.07.17 23:00:24 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.07.17 00:08:29 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.17 00:08:29 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.16 23:45:07 | 000,001,836 | ---- | C] () -- E:\Users\David\Documents\cc_20100716_234505.reg
[2010.07.16 23:33:58 | 000,008,192 | ---- | C] () -- C:\bootsect.lxe.bak
[2010.07.16 23:33:57 | 000,383,592 | RHS- | C] () -- C:\gdrop
[2010.07.16 23:33:57 | 000,171,136 | RHS- | C] () -- C:\xeldr
[2010.07.14 20:40:47 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.07.14 20:40:47 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.07.12 01:31:39 | 000,015,738 | ---- | C] () -- E:\Users\David\Documents\cc_20100712_013138.reg
[2010.07.12 01:31:29 | 000,040,898 | ---- | C] () -- E:\Users\David\Documents\cc_20100712_013128.reg
[2010.07.05 22:59:42 | 209,541,232 | ---- | C] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_166_H264.mp4
[2010.07.05 22:57:05 | 209,736,827 | ---- | C] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_167_H264.mp4
[2010.06.28 22:20:32 | 209,205,255 | ---- | C] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_165_H264.mp4
[2010.06.28 22:20:28 | 209,711,157 | ---- | C] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_164_H264.mp4
[2010.06.28 22:20:24 | 209,296,956 | ---- | C] () -- E:\Users\David\Desktop\[TnF]Naruto_Shippuuden_163_H264.mp4
[2010.06.28 22:20:06 | 209,326,072 | ---- | C] () -- E:\Users\David\Desktop\[BNFs]Naruto_Shippuuden_162_H264.mp4
[2010.06.26 21:55:23 | 000,005,142 | ---- | C] () -- E:\Users\David\Documents\cc_20100626_215519.reg
[2010.06.24 00:12:02 | 000,003,636 | ---- | C] () -- E:\Users\David\Documents\cc_20100624_001200.reg
[2010.06.23 18:31:31 | 000,013,008 | ---- | C] () -- C:\Windows\SysNative\drivers\pstrip64.sys
[2010.06.19 16:11:51 | 000,214,720 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.06.13 20:49:08 | 000,019,456 | ---- | C] () -- E:\Users\David\AppData\Local\WebpageIcons.db
[2010.06.05 20:15:01 | 000,006,982 | ---- | C] () -- E:\Users\David\Documents\cc_20100605_201458.reg
[2010.05.27 19:47:34 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.05.26 23:53:40 | 000,001,538 | ---- | C] () -- E:\Users\David\Documents\cc_20100526_235340.reg
[2010.05.26 23:53:33 | 000,004,746 | ---- | C] () -- E:\Users\David\Documents\cc_20100526_235332.reg
[2010.05.25 20:06:17 | 000,007,046 | ---- | C] () -- E:\Users\David\wtvClient.log
[2010.05.25 17:15:02 | 000,016,430 | ---- | C] () -- E:\Users\David\Documents\cc_20100525_171501.reg
[2010.05.25 17:14:53 | 000,043,674 | ---- | C] () -- E:\Users\David\Documents\cc_20100525_171452.reg
[2010.05.25 17:13:28 | 000,000,504 | ---- | C] () -- E:\Users\David\Desktop\HLSW.lnk
[2010.05.25 17:13:20 | 000,000,481 | ---- | C] () -- E:\Users\David\Desktop\ESL Wire Gaming Client.lnk
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.01.12 20:14:21 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.01.12 20:14:21 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.01.12 20:14:03 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.12.30 16:05:36 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini
[2009.12.07 18:18:20 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.12.05 11:37:34 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.20 20:19:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.11.20 20:19:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.20 20:19:35 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009.11.20 20:19:35 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.11.20 20:19:35 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.11.20 20:19:34 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.11.20 20:19:34 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009.07.14 02:14:20 | 000,027,839 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.07.14 02:14:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 01:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.05.26 13:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008.06.17 11:04:00 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\Dll_Volume_Ctrl.dll
[2006.05.19 04:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\spc1330.ini
[2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini
[1998.07.06 00:00:00 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\MSCC2DE.DLL
 
========== LOP Check ==========
 
[2010.03.13 20:16:03 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Ace Mobile Software
[2009.12.17 21:59:51 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Apowersoft
[2009.12.20 23:36:10 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Auslogics
[2010.01.20 17:25:21 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Bioshock
[2010.06.05 13:39:18 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Bioshock2
[2009.12.05 11:39:15 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Canneverbe_Limited
[2009.12.29 20:10:19 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\CPUControl
[2009.11.21 19:13:12 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\DAEMON Tools Lite
[2010.03.21 17:59:24 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\FileZilla
[2010.07.22 15:55:16 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\foobar2000
[2010.01.17 21:20:51 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\GrabPro
[2010.07.18 21:15:26 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\HLSW
[2010.07.23 01:25:58 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Mumble
[2009.11.28 23:50:33 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Octoshape
[2010.02.05 22:50:18 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\ooVoo Details
[2009.12.17 23:09:46 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\OpenOffice.org
[2009.11.19 21:40:17 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Opera
[2010.01.25 19:08:59 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Orbit
[2010.02.14 01:34:16 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\pokerth
[2010.01.23 21:17:05 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Publish Providers
[2010.06.05 20:26:07 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\QIP
[2010.01.24 15:49:56 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Sony
[2010.01.24 16:11:05 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\TeamViewer
[2010.05.24 21:12:58 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Thunderbird
[2010.07.15 20:29:49 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\TS3Client
[2010.05.07 23:17:40 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Ubisoft
[2010.03.13 20:21:45 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\uTorrent
[2009.11.20 01:13:09 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Win7codecs
[2010.02.06 20:29:52 | 000,000,000 | ---D | M] -- E:\Users\David\AppData\Roaming\Windows Home Server
[2010.07.23 03:22:37 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.05.17 11:22:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.07.23 03:24:48 | 000,000,004 | -H-- | M] () -- C:\aaw7boot.cmd
[2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009.11.20 04:16:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.07.16 23:33:58 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2009.11.22 16:20:43 | 000,438,840 | RHS- | M] () -- C:\bootxez
[2010.04.22 17:56:52 | 000,007,200 | ---- | M] () -- C:\CTSUFile.txt
[2010.07.16 23:33:57 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2010.07.23 16:22:43 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.31 14:57:12 | 000,921,624 | ---- | M] () -- C:\spc1330-001.raw
[2009.11.20 04:24:57 | 000,171,136 | RHS- | M] () -- C:\w7ldr
[2010.07.16 23:33:57 | 000,171,136 | RHS- | M] () -- C:\xeldr
[2009.11.22 16:20:43 | 000,206,312 | RHS- | M] () -- C:\XELDZ
[2009.11.22 16:20:43 | 000,009,216 | RHS- | M] () -- C:\XELDZ.1st
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.07.23 16:23:22 | 000,002,996 | ---- | M] (Buzz) -- C:\Windows\SysWOW64\drivers\hwinterface.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >
         
However, after I selected Extra Registry -> Use SafeList in OTL, the following extras.txt was created:

Code:
OTL Extras logfile created on: 23.07.2010 17:02:19 - Run 4
OTL by OldTimer - Version 3.2.9.1     Folder = E:\Users\David\Desktop\MFTools
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): e:\pagefile.sys 6141 6141 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 11,85 Gb Free Space | 40,43% Space Free | Partition Type: NTFS
Drive D: | 170,51 Gb Total Space | 121,70 Gb Free Space | 71,38% Space Free | Partition Type: NTFS
Drive E: | 396,37 Gb Total Space | 71,41 Gb Free Space | 18,02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEST-PC
Current User Name: David
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- D:\Opera\Opera.exe (Opera Software)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- D:\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "D:\Opera\opera.exe" (Opera Software)
https [open] -- "D:\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "D:\Opera\opera.exe" (Opera Software)
https [open] -- "D:\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.6.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A532864-065D-4369-A548-DFF207C2C713}" = QIP 2010 3397 Jeak-Edition
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40725C90-77E5-4036-B9CA-F66E3FED609A}" = Philips SPC 1330NC Webcam Driver
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6647EE24-8605-4A5D-AD3B-62DD877FBA3F}" = Aequitas File Checker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73877A89-A11E-43D6-9A15-A77FF0F48C8F}" = AMD GPU Clock Tool
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro
"{7AB86D35-DF3B-407F-B43E-468345DABF29}" = SL-6555-SBK
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2354269-C89A-4323-B80F-B0DD65FBA5EB}" = WinExit-Pro
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"avast!" = avast! Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Creative Volume Panel" = Lautstärkefenster
"Diagnostics 4_5" = Creative-Diagnose
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Electronic Sports League GUI2.11.2" = Electronic Sports League GUI
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.0.1
"foobar2000" = foobar2000 v1.0.3
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.2
"Hamachi" = Hamachi 1.0.1.5
"HD Tune_is1" = HD Tune 2.55
"HLSW_is1" = HLSW v1.3.3.7b
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Mumble" = Mumble and Murmur
"OpenAL" = OpenAL
"PokerTH 0.7.1" = PokerTH
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"StarCraft II Beta" = StarCraft II Beta
"Steam App 240" = Counter-Strike: Source
"THX_Console_Unicode" = THX-Einrichtungskonsole
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.0
"VTFEdit_is1" = VTFEdit 1.2.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"QIP 2005" = QIP 2005 8095
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.07.2010 14:38:15 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 19.07.2010 22:15:40 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 19.07.2010 23:14:02 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.07.2010 07:38:56 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.07.2010 15:13:05 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.07.2010 22:56:28 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 21.07.2010 07:04:39 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 21.07.2010 11:21:23 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 22.07.2010 14:58:41 | Computer Name = test-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c354523  Name des fehlerhaften Moduls: capture32.dll, Version: 0.0.0.0, Zeitstempel:
 0x4b01571f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000fd54  ID des fehlerhaften Prozesses:
 0x1078  Startzeit der fehlerhaften Anwendung: 0x01cb29c5d4127742  Pfad der fehlerhaften
 Anwendung: d:\steam\steamapps\zok0\counter-strike source\hl2.exe  Pfad des fehlerhaften
 Moduls: E:\Users\David\AppData\Local\ESL Wire Game Client\aequitas\capture32.dll
Berichtskennung:
 24634760-95c3-11df-ba5c-00ff01000001
 
Error - 22.07.2010 21:12:06 | Computer Name = test-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
[ System Events ]
Error - 17.02.2010 10:29:58 | Computer Name = test-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 17.02.2010 10:29:58 | Computer Name = test-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hwinterface" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 18.02.2010 08:22:52 | Computer Name = test-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.02.2010 08:23:11 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist 
vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden
 Fehlers nicht gestartet wurde:   %%1058
 
Error - 18.02.2010 08:23:39 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   hwinterface
 
Error - 18.02.2010 17:24:36 | Computer Name = test-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.02.2010 17:24:58 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist 
vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden
 Fehlers nicht gestartet wurde:   %%1058
 
Error - 18.02.2010 17:25:25 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   hwinterface
 
Error - 19.02.2010 07:43:20 | Computer Name = test-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 19.02.2010 07:43:38 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist 
vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden
 Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         

Edited by Kenan (23.07.2010 at 16:07)

24.07.2010, 21:37   #8
Larusso
/// Selecta Jahrusso
 

Basic cleanup with SUPERAntiSpyware
  • Please download SUPERAntiSpyware FREE Edition.
  • The program is suitable for: Windows 98, 98SE, ME, 2000, 2003, XP and Vista.
  • Install the program and let it load the latest definitions and updates.
  • You can find illustrated instructions here.
  • Close all applications, including browsers.
  • Open SUPERAntiSpyware and click "Ihren Computer durchsuchen" (Scan your computer).
  • Tick "Kompletter Scan" (Complete scan) and click "Weiter" (Next).
  • When the scan has finished, you will be shown an overview of the findings, which you acknowledge with OK.
  • Make sure that every finding is ticked, then click "Weiter" (Next) and OK.
  • Click "Fertig stellen" (Finish), which takes you to the main window.
  • Your computer may have to be restarted in order to remove malware from the system on reboot.
  • To get the log file, first click "Präferenzen" (Preferences) and then "Statistiken und Protokolle" (Statistics and logs).
  • Click the dated log file and press "Protokoll anzeigen" (View log). A text window now appears.
  • Please copy this report here into the thread.


Step 2

Update Java

Your Java version is not up to date. Since some malware (e.g. Vundo) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => uninstall. Restart the computer.

Now download the offline version of Java (Java SE Runtime Environment (JRE) 6 Update XX) from Oracle (http://www.java.com/de/download/manual.jsp). Once you have clicked Download, a page appears where you have to select the operating system (i.e. Windows) and tick "I agree". Then click the "Continue" button. Download jre-6uXX-windows-i586.exe there and then install it; do not install any toolbars that may be offered along with it (Yahoo Toolbar).


Step 3

ESET Online Scanner
Please switch on any external hard drives you may have during the online scans! Please switch off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: Please be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.
  • Press the button.
    • Firefox users: Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users: must allow the installation of an ActiveX element.
  • Tick the box at "Yes, I accept the Terms of Use".
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Remove found threats" and "Scan archives".
  • Press.
  • The signatures are downloaded. The scan starts automatically.

When the scan has finished:
  • Click Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.


Step 4

Please start OTL.exe.
Under "Extra Registrierung" (Extra Registry), select "Benutze Safe List" (Use Safe List) and click the Scan button.


Please post in your next reply:
  • SASW log
  • ESET log
  • OTL.txt
  • Extras.txt
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

31.07.2010, 21:18   #9
Larusso
/// Selecta Jahrusso
 

No response

This thread has been removed from my subscriptions, so I will not receive notifications about new replies.

Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is clean yet.

Everyone else, please open a thread of your own.
__________________
Regards, Daniel
