RSA 1024 Trojan - Dateien encoded.

eye4aneye · 28.11.2010, 17:37

Hi.
Ich habe vor ca. 2 stunden auf einmal ein popup erhalten (.txt datei) + hintergrundbildänderung mit folgendem text:
" Attention!!!
All your personal files (photo, documents, texts, databases, certificates, kwm-files, video) have been encrypted by a very strong cypher RSA-1024. The original files are deleted. You can check this by yourself - just look for files in all folders.
There is no possibility to decrypt these files without a special decrypt program! Nobody can help you - even don't try to find another method or tell anybody. Also after n days all encrypted files will be completely deleted and you will have no chance to get it back.
We can help to solve this task for 120$ via wire transfer (bank transfer SWIFT/IBAN). And remember: any harmful or bad words to our side will be a reason for ingoring your message and nothing will be done.
For details you have to send your request on this e-mail (attach to message a full serial key shown below in this 'how to..' file on desktop): datafinder@fastmail.fm"

Ich habe nachgesehen und tatsächlich, auf einer Partition sind alle .jpg und alle .mp3 Dateien mit der endung .encoded versehen worden.
Hab sofort versucht einfach die endung wegzunehmen und geguckt, ob die Dateien noch ausführbar sind. Die jpgs gehen nichtmehr, allerdings die mp3s lassen danach wieder öffnen.

Ich habe dann Malewarebytes und Antivir laufen lassen mit mässigem erfolg.
Dann bin ich auf eure Seite gegangen und habe die Anleitung befolgt.
Hoffe ihr könnt mir helfen.
Danke im vorraus:

Antivir:

Zitat:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 28. November 2010 16:09

Es wird nach 3097218 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : Hiroshima
Computername : GAMBIT

Versionsinformationen:
BUILD.DAT : 10.0.0.596 31825 Bytes 16.11.2010 15:52:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 03.11.2010 16:23:05
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 08:27:12
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 08:27:19
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 08:27:33
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 08:27:43
VBASE009.VDF : 7.10.13.80 2265600 Bytes 02.11.2010 16:23:05
VBASE010.VDF : 7.10.13.81 2048 Bytes 02.11.2010 16:23:05
VBASE011.VDF : 7.10.13.82 2048 Bytes 02.11.2010 16:23:05
VBASE012.VDF : 7.10.13.83 2048 Bytes 02.11.2010 16:23:05
VBASE013.VDF : 7.10.13.116 147968 Bytes 04.11.2010 17:28:05
VBASE014.VDF : 7.10.13.147 146944 Bytes 07.11.2010 19:05:48
VBASE015.VDF : 7.10.13.180 123904 Bytes 09.11.2010 19:05:49
VBASE016.VDF : 7.10.13.211 122368 Bytes 11.11.2010 19:39:10
VBASE017.VDF : 7.10.13.243 147456 Bytes 15.11.2010 21:22:39
VBASE018.VDF : 7.10.14.15 142848 Bytes 17.11.2010 22:23:40
VBASE019.VDF : 7.10.14.41 134144 Bytes 19.11.2010 22:23:41
VBASE020.VDF : 7.10.14.63 128000 Bytes 22.11.2010 00:53:14
VBASE021.VDF : 7.10.14.87 143872 Bytes 24.11.2010 03:43:51
VBASE022.VDF : 7.10.14.116 140800 Bytes 26.11.2010 13:41:19
VBASE023.VDF : 7.10.14.117 2048 Bytes 26.11.2010 13:41:19
VBASE024.VDF : 7.10.14.118 2048 Bytes 26.11.2010 13:41:20
VBASE025.VDF : 7.10.14.119 2048 Bytes 26.11.2010 13:41:20
VBASE026.VDF : 7.10.14.120 2048 Bytes 26.11.2010 13:41:20
VBASE027.VDF : 7.10.14.121 2048 Bytes 26.11.2010 13:41:20
VBASE028.VDF : 7.10.14.122 2048 Bytes 26.11.2010 13:41:20
VBASE029.VDF : 7.10.14.123 2048 Bytes 26.11.2010 13:41:20
VBASE030.VDF : 7.10.14.124 2048 Bytes 26.11.2010 13:41:20
VBASE031.VDF : 7.10.14.126 2048 Bytes 27.11.2010 13:41:20
Engineversion : 8.2.4.114
AEVDF.DLL : 8.1.2.1 106868 Bytes 22.09.2010 08:27:56
AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 23.11.2010 00:53:22
AESCN.DLL : 8.1.7.2 127349 Bytes 23.11.2010 00:53:21
AESBX.DLL : 8.1.3.2 254324 Bytes 23.11.2010 00:53:22
AERDL.DLL : 8.1.9.2 635252 Bytes 22.09.2010 08:27:54
AEPACK.DLL : 8.2.3.11 471416 Bytes 13.10.2010 20:28:17
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 23.11.2010 00:53:20
AEHEUR.DLL : 8.1.2.46 3088759 Bytes 28.11.2010 13:41:25
AEHELP.DLL : 8.1.15.0 246135 Bytes 28.11.2010 13:41:21
AEGEN.DLL : 8.1.4.2 401781 Bytes 23.11.2010 00:53:16
AEEMU.DLL : 8.1.3.0 393589 Bytes 23.11.2010 00:53:16
AECORE.DLL : 8.1.18.1 196984 Bytes 23.11.2010 00:53:15
AEBB.DLL : 8.1.1.0 53618 Bytes 22.09.2010 08:27:47
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 03.11.2010 16:23:05
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 03.11.2010 16:23:05
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 03.11.2010 16:23:04

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, F:, G:, H:, I:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Sonntag, 28. November 2010 16:09

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pg_ctl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'razerofa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCDDaemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'razertra.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTXFISPI.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ctxfihlp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'razerhid.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'F:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'G:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'H:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'I:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '203' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\' <Games>
Beginne mit der Suche in 'F:\'
Beginne mit der Suche in 'G:\'
Beginne mit der Suche in 'H:\' <Installs, Filme, Serien>
H:\Installs\Starcraft.II.Wings.of.Liberty.GERMAN-0x0007\SC2.patch1.0.2_zyberakuma.rar
[0] Archivtyp: RAR
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
--> SC2.patch1.0.2_zyberakuma\Support\Battle.net.dll
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
Beginne mit der Suche in 'I:\' <Poker>

Beginne mit der Desinfektion:
H:\Installs\Starcraft.II.Wings.of.Liberty.GERMAN-0x0007\SC2.patch1.0.2_zyberakuma.rar
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde gelöscht.

Ende des Suchlaufs: Sonntag, 28. November 2010 17:09
Benötigte Zeit: 59:16 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

28332 Verzeichnisse wurden überprüft
611330 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
1 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
611329 Dateien ohne Befall
7120 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Maleware 1:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5204

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.11.2010 14:58:34
mbam-log-2010-11-28 (14-58-34).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150188
Laufzeit: 3 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
C:\Users\Hiroshima\AppData\Local\Temp\0.4521451385045243.exe (Spyware.Passwords.XGen) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Hiroshima\AppData\Local\Temp\0.4521451385045243.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.

Malware 2:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5205

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.11.2010 15:18:13
mbam-log-2010-11-28 (15-18-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (I:\|)
Durchsuchte Objekte: 198595
Laufzeit: 8 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
I:\Downloads\cryptload_DE\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
I:\Downloads\saxuwusoyo\Sony Vegas Platinum Edition 9.0\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

OTL:

Zitat:

OTL logfile created on: 28.11.2010 17:17:49 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 19,73 Gb Free Space | 40,40% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 53,79 Gb Free Space | 29,23% Space Free | Partition Type: NTFS
Drive F: | 29,29 Gb Total Space | 29,20 Gb Free Space | 99,70% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 48,74 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive H: | 193,82 Gb Total Space | 66,86 Gb Free Space | 34,49% Space Free | Partition Type: NTFS
Drive I: | 193,82 Gb Total Space | 71,40 Gb Free Space | 36,84% Space Free | Partition Type: NTFS

Computer Name: GAMBIT | User Name: Hiroshima | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.11.28 17:10:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.11.03 17:23:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.03 17:23:05 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.03 17:23:05 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.10.05 13:12:36 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.07.07 19:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.07.07 19:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010.05.05 15:56:06 | 000,251,392 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2010.04.27 13:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2009.06.17 12:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009.02.03 10:48:32 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008.02.28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.12.19 10:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe

========== Modules (SafeList) ==========

MOD - [2010.11.28 17:10:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.11.16 22:28:18 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.03 17:23:05 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.03 17:23:05 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.10.05 13:12:36 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.08.29 15:23:18 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.08.28 20:37:06 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.03.30 10:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.11.28 14:33:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.11.28 14:33:11 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.11.23 01:53:23 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.10.25 19:25:01 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.07 21:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.07.09 12:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010.07.07 21:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010.07.07 21:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.07.07 21:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.07.07 21:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.07.07 21:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.07.07 21:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.07.07 21:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.07.07 21:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.07.07 21:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.07.07 21:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.07.07 21:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.07.07 21:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.07.07 21:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.07.07 21:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010.04.19 16:04:44 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2010.03.02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.12.21 20:50:00 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009.12.17 23:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.30 16:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 15 20 FA CC 33 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.11.08 06:36:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.18 01:47:09 | 000,000,000 | ---D | M]

[2010.08.28 20:26:59 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\mozilla\Extensions
[2010.11.28 15:17:36 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\mozilla\Firefox\Profiles\lhi5ljeh.default\extensions
[2010.10.09 18:27:02 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\mozilla\Firefox\Profiles\lhi5ljeh.default\extensions\nasanightlaunch@example.com
[2010.11.28 15:17:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.11.05 22:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Poker\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Poker\PartyGaming\PartyPoker\RunApp.exe ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bc9c0df2-b2e9-11df-8c03-00248c818808}\Shell - "" = AutoRun
O33 - MountPoints2\{bc9c0df2-b2e9-11df-8c03-00248c818808}\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.11.28 17:16:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.11.28 17:15:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010.11.28 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.11.26 14:28:13 | 000,000,000 | ---D | C] -- C:\Users\Hiroshima\AppData\Roaming\Avira
[2010.11.26 09:55:23 | 000,000,000 | ---D | C] -- C:\Users\Hiroshima\Documents\Criterion Games
[2010.11.26 09:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2010.11.24 09:28:43 | 000,000,000 | ---D | C] -- C:\Users\Hiroshima\AppData\Roaming\2K Sports
[2010.11.21 19:35:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010.11.18 01:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.11.18 01:43:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.11.18 01:43:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.11.18 01:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.11.18 01:42:14 | 000,000,000 | ---D | C] -- C:\Users\Hiroshima\AppData\Local\Adobe
[2010.11.16 02:36:05 | 000,000,000 | ---D | C] -- C:\Users\Hiroshima\Desktop\Settings
[2010.11.16 02:35:54 | 000,446,464 | ---- | C] (Anubis @ G4G.PL) -- C:\Users\Hiroshima\Desktop\COD BO RCon Tool by Anubis @ G4G.pl.exe
[2010.11.11 02:18:17 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.11.11 02:18:17 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.11.09 01:28:42 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010.11.09 01:28:42 | 000,000,000 | ---D | C] -- C:\Users\Hiroshima\AppData\Roaming\GHISLER
[2010.11.08 23:02:38 | 000,000,000 | ---D | C] -- C:\Users\Hiroshima\AppData\Local\Activision
[2010.11.08 21:55:15 | 000,000,000 | ---D | C] -- C:\Users\Hiroshima\AppData\Local\Treyarch
[2010.11.07 01:46:37 | 000,000,000 | ---D | C] -- C:\Users\Hiroshima\AppData\Local\My Games
[2010.10.31 18:27:22 | 000,000,000 | ---D | C] -- C:\Users\Hiroshima\AppData\Local\FalloutNV
[2010.07.08 23:08:08 | 014,905,920 | ---- | C] (GetData Pty Ltd ) -- C:\Users\Hiroshima\AppData\Roaming\RecoverMyFiles-Setup.exe
[2010.07.07 19:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010.11.28 17:17:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.28 17:17:43 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.28 17:17:43 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.28 17:17:43 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.28 17:17:43 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.28 17:15:43 | 000,000,920 | ---- | M] () -- C:\Users\Hiroshima\Desktop\NTREGOPT.lnk
[2010.11.28 17:15:43 | 000,000,901 | ---- | M] () -- C:\Users\Hiroshima\Desktop\ERUNT.lnk
[2010.11.28 17:13:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.28 17:13:17 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.28 17:12:34 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.11.28 17:12:34 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.11.28 17:12:34 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.11.28 15:28:18 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.28 15:28:18 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.28 14:58:25 | 000,471,560 | ---- | M] () -- C:\Users\Hiroshima\Desktop\Load.exe
[2010.11.28 14:33:11 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.11.28 14:33:11 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.11.26 09:55:44 | 000,001,033 | ---- | M] () -- C:\Users\Hiroshima\Desktop\NFS11.exe - Verknüpfung.lnk
[2010.11.24 09:26:01 | 000,000,564 | ---- | M] () -- C:\Users\Public\Desktop\NBA 2K11.lnk
[2010.11.23 01:53:23 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.22 22:29:06 | 000,001,468 | ---- | M] () -- C:\Users\Hiroshima\Desktop\BlackOpsRcon.exe - Verknüpfung.lnk
[2010.11.21 08:29:20 | 000,000,355 | ---- | M] () -- C:\Users\Hiroshima\Computer - Verknüpfung.lnk
[2010.11.18 01:47:09 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.11.15 00:51:26 | 000,446,464 | ---- | M] (Anubis @ G4G.PL) -- C:\Users\Hiroshima\Desktop\COD BO RCon Tool by Anubis @ G4G.pl.exe
[2010.11.09 01:28:43 | 000,000,632 | ---- | M] () -- C:\Users\Hiroshima\Desktop\Total Commander.lnk
[2010.11.08 23:06:41 | 000,000,201 | ---- | M] () -- C:\Users\Hiroshima\Desktop\Call of Duty Black Ops - Multiplayer.url
[2010.11.07 01:45:19 | 000,000,363 | ---- | M] () -- C:\Users\Hiroshima\Desktop\Sid Meiers Civilization V.lnk
[2010.11.06 19:53:41 | 215,923,516 | ---- | M] () -- C:\Users\Hiroshima\Documents\backup.reg
[2010.11.05 22:29:20 | 000,001,246 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010.11.05 21:42:14 | 000,000,201 | ---- | M] () -- C:\Users\Hiroshima\Desktop\Call of Duty Black Ops.url
[2010.11.05 06:51:02 | 000,000,690 | ---- | M] () -- C:\Users\Public\Desktop\Left4Dead2 NoSteam.lnk

========== Files Created - No Company Name ==========

[2010.11.28 17:15:43 | 000,000,920 | ---- | C] () -- C:\Users\Hiroshima\Desktop\NTREGOPT.lnk
[2010.11.28 17:15:43 | 000,000,901 | ---- | C] () -- C:\Users\Hiroshima\Desktop\ERUNT.lnk
[2010.11.28 14:58:20 | 000,471,560 | ---- | C] () -- C:\Users\Hiroshima\Desktop\Load.exe
[2010.11.28 14:33:11 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.11.28 14:33:11 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.11.26 09:55:44 | 000,001,033 | ---- | C] () -- C:\Users\Hiroshima\Desktop\NFS11.exe - Verknüpfung.lnk
[2010.11.24 09:26:01 | 000,000,564 | ---- | C] () -- C:\Users\Public\Desktop\NBA 2K11.lnk
[2010.11.22 22:29:06 | 000,001,468 | ---- | C] () -- C:\Users\Hiroshima\Desktop\BlackOpsRcon.exe - Verknüpfung.lnk
[2010.11.21 08:29:20 | 000,000,355 | ---- | C] () -- C:\Users\Hiroshima\Computer - Verknüpfung.lnk
[2010.11.18 01:44:04 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.11.09 01:28:43 | 000,000,632 | ---- | C] () -- C:\Users\Hiroshima\Desktop\Total Commander.lnk
[2010.11.09 01:28:42 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010.11.09 01:28:42 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010.11.09 01:28:42 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010.11.09 01:28:42 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010.11.09 01:28:42 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010.11.09 01:28:42 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010.11.09 01:28:42 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010.11.08 23:06:41 | 000,000,201 | ---- | C] () -- C:\Users\Hiroshima\Desktop\Call of Duty Black Ops - Multiplayer.url
[2010.11.07 01:45:19 | 000,000,363 | ---- | C] () -- C:\Users\Hiroshima\Desktop\Sid Meiers Civilization V.lnk
[2010.11.06 19:53:35 | 215,923,516 | ---- | C] () -- C:\Users\Hiroshima\Documents\backup.reg
[2010.11.05 22:29:20 | 000,001,246 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010.11.05 21:42:14 | 000,000,201 | ---- | C] () -- C:\Users\Hiroshima\Desktop\Call of Duty Black Ops.url
[2010.11.05 06:33:10 | 000,000,690 | ---- | C] () -- C:\Users\Public\Desktop\Left4Dead2 NoSteam.lnk
[2010.10.20 02:37:42 | 000,067,666 | ---- | C] () -- C:\Program Files (x86)\hminstalllog.txt
[2010.10.11 22:57:14 | 000,000,045 | ---- | C] () -- C:\Users\Hiroshima\AppData\Local\machpro.dat
[2010.09.18 15:34:48 | 000,007,602 | ---- | C] () -- C:\Users\Hiroshima\AppData\Local\Resmon.ResmonCfg
[2010.09.13 05:35:10 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010.09.13 05:35:09 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.09.13 05:35:09 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.09.12 17:18:20 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.08.28 20:39:22 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010.08.28 20:36:37 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.08.28 20:36:37 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.08.28 20:36:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2010.07.09 20:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.07.07 20:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.07.07 20:23:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.07.07 19:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.01 09:12:32 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

========== LOP Check ==========

[2010.11.24 09:28:43 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\2K Sports
[2010.09.22 10:08:44 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\BitTorrent
[2010.08.29 15:01:57 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\bizarre creations
[2010.10.25 19:28:15 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\DAEMON Tools Pro
[2010.11.09 01:29:36 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\GHISLER
[2010.10.20 02:48:47 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\HEM Data
[2010.08.29 23:15:19 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\KeePass
[2010.10.01 18:54:51 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\Leadertech
[2010.09.20 00:35:59 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\Need for Speed World
[2010.10.20 02:38:55 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\postgresql
[2010.09.11 01:35:02 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\Publish Providers
[2010.08.28 20:25:03 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\Razer
[2010.09.11 01:34:58 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\Sony
[2010.08.29 15:04:56 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\Static Windows Live Mail Backup
[2010.08.30 18:35:35 | 000,000,000 | ---D | M] -- C:\Users\Hiroshima\AppData\Roaming\TS3Client
[2010.11.28 15:04:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010.08.28 21:05:50 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.11.28 17:13:17 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.28 17:13:22 | 4293,386,240 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009.07.14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009.06.10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2010.10.20 02:37:42 | 000,067,666 | ---- | M] () -- C:\Program Files (x86)\hminstalllog.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\LocationApi.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >

Extras:

Zitat:

OTL Extras logfile created on: 28.11.2010 17:17:49 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 19,73 Gb Free Space | 40,40% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 53,79 Gb Free Space | 29,23% Space Free | Partition Type: NTFS
Drive F: | 29,29 Gb Total Space | 29,20 Gb Free Space | 99,70% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 48,74 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive H: | 193,82 Gb Total Space | 66,86 Gb Free Space | 34,49% Space Free | Partition Type: NTFS
Drive I: | 193,82 Gb Total Space | 71,40 Gb Free Space | 36,84% Space Free | Partition Type: NTFS

Computer Name: GAMBIT | User Name: Hiroshima | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C5F1B30-B10B-4579-86DD-D00F662E1031}" = Nero 8
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC65635F-3A3A-48CB-8976-A1F32ED1ECA4}" = TableNinja
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"Fraps" = Fraps (remove only)
"HoldemManager" = Holdem Manager
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"JDownloader" = JDownloader
"KeePass Password Safe_is1" = KeePass Password Safe 1.17
"L4D2 RevEXE v2040+" = L4D2 RevEXE v2040+
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"My Program_is1" = LANPoker Version 0.07.11.15c
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PartyPoker" = PartyPoker
"PostgreSQL 8.4" = PostgreSQL 8.4
"PunkBusterSvc" = PunkBuster Services
"Static Windows Live Mail Backup_is1" = Static Windows Live Mail Backup 2.9
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42720" = Call of Duty Black Ops - Remote Console
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Totalcmd" = Total Commander (Remove or Repair)
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

cosinus · 29.11.2010, 18:42

Zitat:

Die jpgs gehen nichtmehr,,....

Lass mich raten, du hast kein Backup

Zitat:

H:\Installs\Starcraft.II.Wings.of.Liberty.GERMAN-0x0007\SC2.patch1.0.2_zyberakuma.rar
I:\Downloads\saxuwusoyo\Sony Vegas Platinum Edition 9.0\patch.exe

...nutzt dafür aber gecrackte Software, sowas ist einfach nur

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!

RSA 1024 Trojan - Dateien encoded.

Log-Analyse und Auswertung: RSA 1024 Trojan - Dateien encoded.

RSA 1024 Trojan - Dateien encoded.

RSA 1024 Trojan - Dateien encoded.

Ähnliche Themen: RSA 1024 Trojan - Dateien encoded.