
Log analysis and evaluation: Problem with CTV****.exe malware/worm


 
23.07.2010, 04:05   #1
Kenan
 
Hello everyone,

Since yesterday evening I have been having problems with popups from avast! reporting malware in the Temp folder.
The name of the .exe is always of the form CTV****.exe, where the **** stands for digits.
Even after an intensive scan the problem does not seem to be resolved, which is why I am now turning to you.

Following the instructions, I am attaching the reports from Malwarebytes' Anti-Malware and OTL. I have already run CCleaner.


Code:
Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4339

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.07.2010 04:43:50
mbam-log-2010-07-23 (04-43-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129821
Laufzeit: 5 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Code:
OTL logfile created on: 23.07.2010 04:46:40 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = E:\Users\****\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): e:\pagefile.sys 6141 6141 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 10,48 Gb Free Space | 35,77% Space Free | Partition Type: NTFS
Drive D: | 170,51 Gb Total Space | 118,70 Gb Free Space | 69,62% Space Free | Partition Type: NTFS
Drive E: | 396,37 Gb Total Space | 71,21 Gb Free Space | 17,96% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEST-PC
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - E:\Users\****\Desktop\0.8075334254641203.exe File not found
PRC - E:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Opera\opera.exe (Opera Software)
PRC - D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - E:\NM Monitor\nmmonitor.exe ()
PRC - D:\Avast4\ashDisp.exe (ALWIL Software)
PRC - D:\Avast4\ashServ.exe (ALWIL Software)
PRC - D:\Avast4\ashWebSv.exe (ALWIL Software)
PRC - D:\Avast4\ashSimpl.exe (ALWIL Software)
PRC - D:\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - D:\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - E:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV:64bit: - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV:64bit: - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- D:\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- D:\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- D:\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- D:\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (NMSAccessU) -- D:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfsync02.sys File not found
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys File not found
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys File not found
DRV:64bit: - (hwinterface) -- C:\Windows\SysNative\Drivers\hwinterface.sys File not found
DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL File not found
DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL File not found
DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL File not found
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (hidusbf) -- C:\Windows\SysNative\drivers\hidusbf.sys (SweetLow)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SPC1330) USB2.0 PC Camera (SPC1330) -- C:\Windows\SysNative\drivers\spc1330.sys ()
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (phaudlwr) -- C:\Windows\SysNative\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.)
DRV - (hwinterface) -- C:\Windows\SysWOW64\drivers\hwinterface.sys (Buzz)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 95 63 43 DA AC CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "h**p://tv.esl.eu/de/"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.05.29 00:59:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: D:\Mozilla Firefox\components [2010.07.22 18:40:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.07.22 18:40:52 | 000,000,000 | ---D | M]
 
[2010.05.24 21:12:59 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.05.24 21:12:59 | 000,000,000 | ---D | M] (No name found) -- E:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.10 14:37:52 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\qbn47nrx.default\extensions
 
O1 HOSTS File: ([2010.07.23 03:03:53 | 000,414,814 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1	w*w.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	w*w.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	w*w.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	w*w.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	w*w.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	w*w.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	w*w.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	w*w.100888290cs.com
O1 - Hosts: 127.0.0.1	w*w.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	w*w.10sek.com
O1 - Hosts: 127.0.0.1	w*w.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14321 more lines...
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg]  File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [avast!] D:\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] D:\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [NM Monitor] E:\NM Monitor\nmmonitor.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} h**p://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} h**p://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30caa2d8-67e8-11df-a4ab-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{30caa2d8-67e8-11df-a4ab-00ff01000001}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{336ec7f0-d6aa-11de-be90-00241dd5f11a}\Shell - "" = AutoRun
O33 - MountPoints2\{336ec7f0-d6aa-11de-be90-00241dd5f11a}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O33 - MountPoints2\{e53743bf-d57a-11de-8cdf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e53743bf-d57a-11de-8cdf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.23 04:37:58 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Roaming\Malwarebytes
[2010.07.23 04:37:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.23 04:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.23 04:37:49 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.23 04:36:28 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- E:\Users\****\Desktop\mbam-setup.exe
[2010.07.23 04:36:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- E:\Users\****\Desktop\OTL.exe
[2010.07.23 03:26:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.23 03:12:12 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Local\Sunbelt Software
[2010.07.23 03:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.07.23 03:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.07.23 02:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.20 23:54:12 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Roaming\foobar2000
[2010.07.18 01:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.07.18 01:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010.07.18 01:54:38 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.07.18 01:54:05 | 000,000,000 | ---D | C] -- C:\ATI
[2010.07.17 23:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.07.17 00:15:15 | 000,053,248 | ---- | C] (Creative Technology Ltd ) -- C:\Windows\Ctregrun.exe
[2010.07.17 00:08:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2010.07.14 12:00:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.07.13 14:08:29 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\Immersion
[2010.07.12 01:33:25 | 000,000,000 | ---D | C] -- E:\Users\****\AppData\Roaming\vlc
[2010.07.11 23:51:50 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\oggy
[2010.07.11 23:38:19 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\Biber
[2010.07.09 19:39:50 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\n!takken
[2010.06.29 20:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.06.26 17:58:33 | 000,000,000 | ---D | C] -- E:\Users\****\Desktop\Anne
[2010.06.23 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.06.23 16:00:46 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.06.23 16:00:46 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.06.23 16:00:46 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.06.23 16:00:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.06.23 16:00:46 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.06.23 16:00:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.06.23 16:00:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.06.23 16:00:46 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.06.23 16:00:39 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.06.23 16:00:38 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.06.23 16:00:38 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.06.23 16:00:38 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.06.23 16:00:37 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.06.23 16:00:37 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.06.23 16:00:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.06.23 16:00:37 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009.07.14 01:30:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.23 04:49:32 | 007,340,032 | -HS- | M] () -- E:\Users\****\NTUSER.DAT
[2010.07.23 04:42:31 | 000,000,082 | ---- | M] () -- E:\Users\****\Documents\cc_20100723_044230.reg
[2010.07.23 04:41:42 | 000,008,094 | ---- | M] () -- E:\Users\****\Documents\cc_20100723_044139.reg
[2010.07.23 04:36:31 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- E:\Users\****\Desktop\mbam-setup.exe
[2010.07.23 04:36:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Users\****\Desktop\OTL.exe
[2010.07.23 03:47:41 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.23 03:47:41 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.23 03:47:41 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.23 03:47:41 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.23 03:47:41 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.23 03:46:53 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 03:46:53 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 03:42:16 | 000,002,996 | ---- | M] (Buzz) -- C:\Windows\SysWow64\drivers\hwinterface.sys
[2010.07.23 03:41:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.23 03:41:33 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.23 03:41:06 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.23 03:41:06 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.23 03:41:06 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.23 03:40:59 | 004,108,618 | -H-- | M] () -- E:\Users\****\AppData\Local\IconCache.db
[2010.07.23 03:24:48 | 000,000,004 | -H-- | M] () -- C:\aaw7boot.cmd
[2010.07.23 03:22:37 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.23 03:03:53 | 000,414,814 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.20 03:32:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.20 03:32:13 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.07.20 03:32:13 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010.07.17 23:51:31 | 000,065,208 | ---- | M] () -- E:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.17 23:51:05 | 005,016,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.07.17 23:02:57 | 000,002,166 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230256.reg
[2010.07.17 23:02:48 | 000,001,572 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230246.reg
[2010.07.17 23:02:39 | 000,002,848 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230237.reg
[2010.07.17 23:02:31 | 000,016,626 | ---- | M] () -- E:\Users\****\Documents\cc_20100717_230228.reg
[2010.07.17 23:00:24 | 000,000,029 | ---- | M] () -- C:\Windows\sfbm.INI
[2010.07.17 00:07:50 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.07.16 23:45:08 | 000,001,836 | ---- | M] () -- E:\Users\****\Documents\cc_20100716_234505.reg
[2010.07.16 23:33:58 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2010.07.16 23:33:57 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2010.07.16 23:33:57 | 000,171,136 | RHS- | M] () -- C:\xeldr
[2010.07.14 20:40:47 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.07.14 20:40:47 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.07.12 01:31:40 | 000,015,738 | ---- | M] () -- E:\Users\****\Documents\cc_20100712_013138.reg
[2010.07.12 01:31:31 | 000,040,898 | ---- | M] () -- E:\Users\****\Documents\cc_20100712_013128.reg
[2010.07.04 22:42:02 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2010.07.04 19:50:55 | 209,736,827 | ---- | M] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_167_H264.mp4
[2010.07.04 16:47:29 | 000,007,808 | ---- | M] (SweetLow) -- C:\Windows\SysNative\drivers\hidusbf.sys
[2010.06.29 20:57:53 | 209,541,232 | ---- | M] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_166_H264.mp4
[2010.06.26 21:55:24 | 000,005,142 | ---- | M] () -- E:\Users\****\Documents\cc_20100626_215519.reg
[2010.06.24 00:12:04 | 000,003,636 | ---- | M] () -- E:\Users\****\Documents\cc_20100624_001200.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.23 04:42:31 | 000,000,082 | ---- | C] () -- E:\Users\****\Documents\cc_20100723_044230.reg
[2010.07.23 04:41:41 | 000,008,094 | ---- | C] () -- E:\Users\****\Documents\cc_20100723_044139.reg
[2010.07.23 03:22:31 | 000,000,004 | -H-- | C] () -- C:\aaw7boot.cmd
[2010.07.23 03:12:24 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.17 23:08:04 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.07.17 23:08:04 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2010.07.17 23:02:56 | 000,002,166 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230256.reg
[2010.07.17 23:02:47 | 000,001,572 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230246.reg
[2010.07.17 23:02:38 | 000,002,848 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230237.reg
[2010.07.17 23:02:29 | 000,016,626 | ---- | C] () -- E:\Users\****\Documents\cc_20100717_230228.reg
[2010.07.17 23:00:24 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.07.17 00:08:29 | 000,062,308 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.17 00:08:29 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.07.16 23:45:07 | 000,001,836 | ---- | C] () -- E:\Users\****\Documents\cc_20100716_234505.reg
[2010.07.16 23:33:58 | 000,008,192 | ---- | C] () -- C:\bootsect.lxe.bak
[2010.07.16 23:33:57 | 000,383,592 | RHS- | C] () -- C:\gdrop
[2010.07.16 23:33:57 | 000,171,136 | RHS- | C] () -- C:\xeldr
[2010.07.14 20:40:47 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.07.14 20:40:47 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.07.12 01:31:39 | 000,015,738 | ---- | C] () -- E:\Users\****\Documents\cc_20100712_013138.reg
[2010.07.12 01:31:29 | 000,040,898 | ---- | C] () -- E:\Users\****\Documents\cc_20100712_013128.reg
[2010.07.05 22:59:42 | 209,541,232 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_166_H264.mp4
[2010.07.05 22:57:05 | 209,736,827 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_167_H264.mp4
[2010.06.28 22:20:32 | 209,205,255 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_165_H264.mp4
[2010.06.28 22:20:28 | 209,711,157 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_164_H264.mp4
[2010.06.28 22:20:24 | 209,296,956 | ---- | C] () -- E:\Users\****\Desktop\[TnF]Naruto_Shippuuden_163_H264.mp4
[2010.06.28 22:20:06 | 209,326,072 | ---- | C] () -- E:\Users\****\Desktop\[BNFs]Naruto_Shippuuden_162_H264.mp4
[2010.06.26 21:55:23 | 000,005,142 | ---- | C] () -- E:\Users\****\Documents\cc_20100626_215519.reg
[2010.06.24 00:12:02 | 000,003,636 | ---- | C] () -- E:\Users\****\Documents\cc_20100624_001200.reg
[2010.06.23 18:31:31 | 000,013,008 | ---- | C] () -- C:\Windows\SysNative\drivers\pstrip64.sys
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.01.12 20:14:21 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.01.12 20:14:21 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.01.12 20:14:03 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.12.30 16:05:36 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini
[2009.12.07 18:18:20 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.12.05 11:37:34 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.20 20:19:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.11.20 20:19:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.20 20:19:35 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009.11.20 20:19:35 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.11.20 20:19:35 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.11.20 20:19:34 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.11.20 20:19:34 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009.07.14 02:14:20 | 000,027,839 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.07.14 02:14:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 01:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.05.26 13:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2008.06.17 11:04:00 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\Dll_Volume_Ctrl.dll
[2006.05.19 04:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\spc1330.ini
[2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\Windows\Q3version.ini
[1998.07.06 00:00:00 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\MSCC2DE.DLL
 
========== LOP Check ==========
 
[2010.03.13 20:16:03 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Ace Mobile Software
[2009.12.17 21:59:51 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Apowersoft
[2009.12.20 23:36:10 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Auslogics
[2010.01.20 17:25:21 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Bioshock
[2010.06.05 13:39:18 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Bioshock2
[2009.12.05 11:39:15 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Canneverbe_Limited
[2009.12.29 20:10:19 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\CPUControl
[2009.11.21 19:13:12 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2010.03.21 17:59:24 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\FileZilla
[2010.07.22 15:55:16 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\foobar2000
[2010.01.17 21:20:51 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\GrabPro
[2010.07.18 21:15:26 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\HLSW
[2010.07.23 01:25:58 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Mumble
[2009.11.28 23:50:33 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Octoshape
[2010.02.05 22:50:18 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\ooVoo Details
[2009.12.17 23:09:46 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\OpenOffice.org
[2009.11.19 21:40:17 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Opera
[2010.01.25 19:08:59 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Orbit
[2010.02.14 01:34:16 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\pokerth
[2010.01.23 21:17:05 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Publish Providers
[2010.06.05 20:26:07 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\QIP
[2010.01.24 15:49:56 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Sony
[2010.01.24 16:11:05 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\TeamViewer
[2010.05.24 21:12:58 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Thunderbird
[2010.07.15 20:29:49 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\TS3Client
[2010.05.07 23:17:40 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Ubisoft
[2010.03.13 20:21:45 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\uTorrent
[2009.11.20 01:13:09 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Win7codecs
[2010.02.06 20:29:52 | 000,000,000 | ---D | M] -- E:\Users\****\AppData\Roaming\Windows Home Server
[2010.07.23 03:22:37 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.05.17 11:22:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >
         

Code:
OTL Extras logfile created on: 23.07.2010 04:46:40 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = E:\Users\****\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): e:\pagefile.sys 6141 6141 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 10,48 Gb Free Space | 35,77% Space Free | Partition Type: NTFS
Drive D: | 170,51 Gb Total Space | 118,70 Gb Free Space | 69,62% Space Free | Partition Type: NTFS
Drive E: | 396,37 Gb Total Space | 71,21 Gb Free Space | 17,96% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEST-PC
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- D:\Opera\Opera.exe (Opera Software)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- D:\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "D:\Opera\opera.exe" (Opera Software)
https [open] -- "D:\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "D:\Opera\opera.exe" (Opera Software)
https [open] -- "D:\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.6.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A532864-065D-4369-A548-DFF207C2C713}" = QIP 2010 3397 Jeak-Edition
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40725C90-77E5-4036-B9CA-F66E3FED609A}" = Philips SPC 1330NC Webcam Driver
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6647EE24-8605-4A5D-AD3B-62DD877FBA3F}" = Aequitas File Checker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73877A89-A11E-43D6-9A15-A77FF0F48C8F}" = AMD GPU Clock Tool
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro
"{7AB86D35-DF3B-407F-B43E-468345DABF29}" = SL-6555-SBK
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2354269-C89A-4323-B80F-B0DD65FBA5EB}" = WinExit-Pro
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"avast!" = avast! Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Creative Volume Panel" = Lautstärkefenster
"Diagnostics 4_5" = Creative-Diagnose
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Electronic Sports League GUI2.11.2" = Electronic Sports League GUI
"FileZilla Client" = FileZilla Client 3.3.0.1
"foobar2000" = foobar2000 v1.0.3
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.2
"Hamachi" = Hamachi 1.0.1.5
"HD Tune_is1" = HD Tune 2.55
"HLSW_is1" = HLSW v1.3.3.7b
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Mumble" = Mumble and Murmur
"OpenAL" = OpenAL
"PokerTH 0.7.1" = PokerTH
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"StarCraft II Beta" = StarCraft II Beta
"Steam App 240" = Counter-Strike: Source
"THX_Console_Unicode" = THX-Einrichtungskonsole
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.0
"VTFEdit_is1" = VTFEdit 1.2.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"QIP 2005" = QIP 2005 8095
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.07.2010 14:38:15 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 19.07.2010 22:15:40 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 19.07.2010 23:14:02 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.07.2010 07:38:56 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.07.2010 15:13:05 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.07.2010 22:56:28 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 21.07.2010 07:04:39 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 21.07.2010 11:21:23 | Computer Name = test-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 22.07.2010 14:58:41 | Computer Name = test-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c354523  Name des fehlerhaften Moduls: capture32.dll, Version: 0.0.0.0, Zeitstempel:
 0x4b01571f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000fd54  ID des fehlerhaften Prozesses:
 0x1078  Startzeit der fehlerhaften Anwendung: 0x01cb29c5d4127742  Pfad der fehlerhaften
 Anwendung: d:\steam\steamapps\zok0\counter-strike source\hl2.exe  Pfad des fehlerhaften
 Moduls: E:\Users\****\AppData\Local\ESL Wire Game Client\aequitas\capture32.dll
Berichtskennung:
 24634760-95c3-11df-ba5c-00ff01000001
 
Error - 22.07.2010 21:12:06 | Computer Name = test-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
[ System Events ]
Error - 17.02.2010 10:29:58 | Computer Name = test-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hwinterface" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 18.02.2010 08:22:52 | Computer Name = test-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.02.2010 08:23:11 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist 
vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden
 Fehlers nicht gestartet wurde:   %%1058
 
Error - 18.02.2010 08:23:39 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   hwinterface
 
Error - 18.02.2010 17:24:36 | Computer Name = test-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.02.2010 17:24:58 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist 
vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden
 Fehlers nicht gestartet wurde:   %%1058
 
Error - 18.02.2010 17:25:25 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   hwinterface
 
Error - 19.02.2010 07:43:20 | Computer Name = test-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\hwinterface.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 19.02.2010 07:43:38 | Computer Name = test-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Center TV Archive Transfer Service" ist 
vom Dienst "Windows Media Center-Empfängerdienst" abhängig, der aufgrund folgenden
 Fehlers nicht gestartet wurde:   %%1058
 
Error - 19.02.2010 07:44:06 | Computer Name = test-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   hwinterface
 
 
< End of report >
         

Thanks in advance for the help!

Edited by Kenan (23.07.2010 at 04:26)

 
