Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir

trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir


Plagegeister aller Art und deren Bekämpfung: trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.09.2011, 18:11   #1
EvilStevel
 
trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir - Beitrag

trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir


Hallöchen
Ich habe mich soeben in diesem Forum angemeldet in der Hoffung,
dass mir jemand helfen kann.
Ich bin im Umgang mit dem Computer und Windows Vista generell recht versiert.
Seit dem heutigen Tage ist es so, dass mir ca. im 5 minuten tackt, von Avira gemeldet wird, dass maleware gefunden wurde.
bisher immer im ordner C:\Windows\Temp\ und die bezeichnung danach vechselst jedes mal.
der name des virus ist "TR/Crypt.XPACK.Gen3"
seit dem ich diese meldungen bekomme, ist mein computer (genauer gesagt mein notebook) langsamer als zuvor.
ich habe auch im besagten ordner schon nach der genannten datei gesucht aber bin leider nicht fündig geworden.
wie muss ich vorgehen?
über hilfestellung freue ich mich sehr =)
steve

Alt 09.09.2011, 19:36   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir - Standard

trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir


Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________
Alt 10.09.2011, 08:39   #3
EvilStevel
 
trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir - Standard

trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir


Ich habe jetzt mit "malwarebytes" einen scan durchgeführt
und dabei kam folgendes raus:

Datenbank Version: 7685

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

09.09.2011 23:00:48
mbam-log-2011-09-09 (23-00-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 380051
Laufzeit: 2 Stunde(n), 10 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 13

Infizierte Speicherprozesse:
c:\program files\Razer\Lachesis\razerhid.exe (Trojan.LVBP) -> 3820 -> No action taken.

Infizierte Speichermodule:
c:\Users\Steve\AppData\Local\thpicrot.dll (Trojan.Hiloti) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rxagexizodulipor (Trojan.Hiloti) -> Value: Rxagexizodulipor -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> No action taken.

Infizierte Dateien:
c:\Users\Steve\AppData\Local\thpicrot.dll (Trojan.Hiloti) -> No action taken.
c:\program files\Razer\Lachesis\razerhid.exe (Trojan.LVBP) -> No action taken.
c:\downloads\corel paint shop pro x3\Keygen\cpspp.x3_keygen.exe (Trojan.Dropper.PGen) -> No action taken.
c:\downloads\Software\installer_my_video_converter_1_5_1_deutsch.exe (PUP.SmsPay.PGen) -> No action taken.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.
c:\Users\Steve\AppData\Local\Temp\conxraeswm.exe (Trojan.Hiloti) -> No action taken.
c:\Users\Steve\AppData\Local\Temp\jar_cache6593241593544703977.tmp (Spyware.SpyEye) -> No action taken.
c:\Users\Steve\AppData\Local\Temp\1FE5.tmp (Trojan.Agent) -> No action taken.
c:\Windows\Fonts\HF3QX.com (Trojan.LVBP) -> No action taken.
c:\Windows\Temp\egepuo\setup.exe (Trojan.LVBP) -> No action taken.
c:\Windows\Temp\hlvncn\setup.exe (Trojan.Agent) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-3304485110-2132740420-26872689-1000\$rg0awp6.com]\SONY_VEG.COM\ACTIVACI\PATCH\KEYGEN_D.EXE (Trojan.Agent) -> No action taken.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> No action taken.

ich habe (da ich den pc neustarten musste und nicht wusste, ob ich dann noch die möglichkeit dazu habe ohne wieder 2,5 stunden auf einen scan zu warten)
alle angeblichen trojaner mit diesem programm entfernt.
jetzt hatte ich heute den ersten bluesceen beim hochfahren und sobald ich auf dem desktop bin kommt die meldung:

"RunDLL
Fehler beim Laden von C:\Users\Steve\AppData\Local\thpicrot.dll
Das engegebene Modul wurde nicht gefunden."
__________________
Alt 10.09.2011, 08:44   #4
EvilStevel
 
trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir - Standard

trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir


OTL log:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.09.2011 00:01:34 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Steve\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 29,17% Memory free
4,23 Gb Paging File | 2,65 Gb Available in Paging File | 62,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 250,31 Gb Free Space | 53,74% Space Free | Partition Type: NTFS
 
Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.09 18:52:38 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Downloads\OTL.exe
PRC - [2011.09.08 13:29:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.07.19 12:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 09:34:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.03 08:40:49 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.08 13:29:03 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011.04.16 04:28:47 | 006,053,536 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2007.08.07 02:31:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (AMService)
SRV - [2011.08.05 21:22:51 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.07.19 12:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.05.21 09:34:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.15 14:50:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.21 21:16:50 | 004,093,392 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.19 12:15:31 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.19 12:15:31 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.05.31 13:45:00 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.01.01 10:12:18 | 000,081,168 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010.12.26 19:54:45 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.24 15:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.08.08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007.08.07 02:30:52 | 002,601,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.06.18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.04.26 03:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005.12.21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Usbicp.sys -- (uisp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {464F169E-ACE1-4C5F-A778-A433A3DABBAE}:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.08 13:29:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.08 13:29:04 | 000,000,000 | ---D | M]
 
[2011.03.11 11:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\mozilla\Extensions
[2011.09.09 14:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\0dchivgb.default\extensions
[2011.04.21 00:14:37 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\0dchivgb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.27 13:52:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Steve\AppData\Roaming\mozilla\Firefox\Profiles\0dchivgb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.08 13:39:12 | 000,000,950 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0dchivgb.default\searchplugins\icqplugin-1.xml
[2011.08.17 08:49:37 | 000,000,950 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0dchivgb.default\searchplugins\icqplugin-2.xml
[2011.09.05 08:50:35 | 000,000,950 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0dchivgb.default\searchplugins\icqplugin-3.xml
[2011.09.08 13:29:14 | 000,000,950 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0dchivgb.default\searchplugins\icqplugin-4.xml
[2011.04.21 00:14:37 | 000,000,168 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0dchivgb.default\searchplugins\icqplugin.gif
[2011.04.21 00:14:37 | 000,000,618 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0dchivgb.default\searchplugins\icqplugin.src
[2011.06.09 08:45:50 | 000,000,842 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0dchivgb.default\searchplugins\icqplugin.xml
[2011.08.05 02:05:02 | 000,001,218 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0dchivgb.default\searchplugins\kikin-search.xml
[2011.07.08 08:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.25 15:31:03 | 000,000,000 | ---D | M] (VMLoad) -- C:\Program Files\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}
[2011.05.17 01:39:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.07.08 08:16:57 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011.05.17 01:38:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.09 08:45:50 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.09 08:45:50 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.09 08:45:50 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.23 16:39:17 | 000,001,272 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.09 08:45:50 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} -  File not found
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} -  File not found
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Rxagexizodulipor]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Steve\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACD49511-D9A2-40FC-8B47-8B37A4D6C3E6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6DA0486-5F7C-4120-A499-094B43D3F4D7}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steve\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steve\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19d4b3a2-fd6d-11df-a23a-00137766d46e}\Shell - "" = AutoRun
O33 - MountPoints2\{19d4b3a2-fd6d-11df-a23a-00137766d46e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{19d4b506-fd6d-11df-a23a-00137766d46e}\Shell - "" = AutoRun
O33 - MountPoints2\{19d4b506-fd6d-11df-a23a-00137766d46e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{19d4b551-fd6d-11df-a23a-00137766d46e}\Shell - "" = AutoRun
O33 - MountPoints2\{19d4b551-fd6d-11df-a23a-00137766d46e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5b4c7d0b-0461-11e0-a7c6-00137766d46e}\Shell - "" = AutoRun
O33 - MountPoints2\{5b4c7d0b-0461-11e0-a7c6-00137766d46e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{713700ab-f404-11df-b0ee-00137766d46e}\Shell - "" = AutoRun
O33 - MountPoints2\{713700ab-f404-11df-b0ee-00137766d46e}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{713700b1-f404-11df-b0ee-00137766d46e}\Shell - "" = AutoRun
O33 - MountPoints2\{713700b1-f404-11df-b0ee-00137766d46e}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{a90ca212-8b67-11e0-8852-00137766d46e}\Shell - "" = AutoRun
O33 - MountPoints2\{a90ca212-8b67-11e0-8852-00137766d46e}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip -  - File not found
MsConfig - StartUpFolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VMLoad.lnk -  - File not found
MsConfig - StartUpReg: 4E3E0230AEBB4E96 - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: C-Media Speaker Configuration - hkey= - key= - C:\Program Files\C-Media\WIN_ME\Setup.exe ()
MsConfig - StartUpReg: Corel File Shell Monitor - hkey= - key= -  File not found
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: Lachesis - hkey= - key= -  File not found
MsConfig - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\Steve\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Rxagexizodulipor - hkey= - key= -  File not found
MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Standby - hkey= - key= - c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.dvacm - c:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - c:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - c:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.09 22:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.09.09 20:46:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2011.09.09 20:46:20 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.09.09 20:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.09 20:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.09 20:46:14 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.09 20:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.09 17:47:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.09.09 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\en_GB
[2011.09.08 21:57:58 | 000,249,856 | ---- | C] (Razer Inc.) -- C:\Windows\System32\Lachesis.cpl
[2011.09.08 21:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2011.09.08 21:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2011.09.08 21:56:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\InstallShield
[2011.09.08 18:58:49 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Neuer Ordner (9)
[2011.09.08 14:18:57 | 000,014,592 | ---- | C] (Motorola) -- C:\Windows\System32\drivers\Usbicp.sys
[2011.09.08 14:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2011.09.08 14:14:53 | 000,012,032 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\System32\drivers\Lachesis.sys
[2011.08.26 18:41:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Neuer Ordner (8)
[2011.08.20 21:31:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Neuer Ordner (7)
[2011.08.19 20:04:41 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Neuer Ordner (6)
[2011.08.17 19:25:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Automatisch beibehalten von Corel
[2011.08.14 10:16:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Neuer Ordner (5)
[2011.08.12 19:37:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\Neuer Ordner (4)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.09 23:26:08 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.09 23:26:07 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.09 23:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.09 23:20:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011.09.09 22:21:27 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011.09.09 21:37:58 | 000,000,112 | ---- | M] () -- C:\ProgramData\hB5783b.dat
[2011.09.09 21:21:23 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011.09.09 20:46:20 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.09 20:20:06 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011.09.09 20:13:28 | 004,697,318 | ---- | M] () -- C:\Users\Steve\Desktop\blabla.jpg
[2011.09.09 20:05:13 | 000,005,590 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.09.09 19:59:56 | 000,628,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.09 19:59:56 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.09 19:59:56 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.09 19:59:55 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.09 19:20:13 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011.09.09 18:20:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.09.08 18:57:23 | 178,779,954 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.29 10:08:20 | 000,000,680 | ---- | M] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2011.08.20 16:54:11 | 000,000,132 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Adobe PNG Format CS5 Prefs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.09 20:46:20 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.09 20:08:00 | 004,697,318 | ---- | C] () -- C:\Users\Steve\Desktop\blabla.jpg
[2011.09.09 17:57:27 | 000,000,112 | ---- | C] () -- C:\ProgramData\hB5783b.dat
[2011.09.09 17:56:11 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011.09.09 17:56:09 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011.09.09 17:56:09 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011.09.09 17:56:08 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011.09.09 17:56:07 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011.09.09 17:56:06 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011.09.09 17:56:05 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011.09.09 17:56:04 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011.09.09 17:56:03 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011.09.09 17:56:02 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011.09.09 17:56:01 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011.09.09 17:55:59 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011.09.09 17:55:58 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011.09.09 17:55:57 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011.09.09 17:55:57 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011.09.09 17:55:56 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011.09.09 17:55:55 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011.09.09 17:55:53 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011.09.09 17:55:51 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011.09.09 17:55:49 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011.09.09 17:55:48 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011.09.09 17:55:45 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011.09.09 17:55:43 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011.09.09 17:55:42 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.09.09 16:42:26 | 003,307,406 | ---- | C] () -- C:\Users\Steve\Desktop\tw10428.dat
[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.03.11 19:22:19 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2011.03.11 19:22:18 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2011.03.11 17:17:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.11 17:15:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.03.11 17:15:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.03.11 00:33:46 | 000,020,333 | ---- | C] () -- C:\Windows\cmaudio.ini
[2011.02.13 23:25:43 | 000,000,067 | ---- | C] () -- C:\Windows\My Video Converter.INI
[2011.02.12 19:45:29 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.02.12 19:45:29 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.02.12 19:45:29 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010.12.04 15:39:00 | 000,000,132 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.11.26 00:11:33 | 000,000,093 | ---- | C] () -- C:\Users\Steve\AppData\Local\fusioncache.dat
[2010.11.25 16:20:58 | 000,022,328 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\PnkBstrK.sys
[2010.10.25 20:50:47 | 000,005,590 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.10.25 20:50:47 | 000,000,088 | RHS- | C] () -- C:\ProgramData\2567F9F4A5.sys
[2010.10.20 18:13:11 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.16 14:23:59 | 000,067,072 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.07 15:43:50 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2010.10.07 15:28:26 | 000,000,680 | ---- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.14 15:35:57 | 000,516,096 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2007.08.07 02:31:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.08.07 02:30:44 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 17:33:31 | 000,628,448 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,127,056 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 003,849,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,940 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.08.05 00:25:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\.minecraft
[2010.12.26 22:05:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DAEMON Tools Lite
[2011.07.27 13:52:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DVDVideoSoft
[2011.03.29 13:08:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.30 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Free Download Manager
[2011.09.09 23:39:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ICQ
[2010.11.04 20:44:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ijjigame
[2011.05.15 18:26:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MotioninJoy
[2011.05.23 16:39:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OCS
[2011.04.21 01:34:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ooVoo Details
[2011.02.22 11:46:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OpenOffice.org
[2011.05.23 16:39:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Opera
[2010.11.03 19:58:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Publish Providers
[2011.05.16 22:43:58 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Samsung
[2010.12.14 19:42:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sony
[2010.11.11 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.03 20:22:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TS3Client
[2011.07.31 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Tunngle
[2010.10.25 20:50:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Ulead Systems
[2011.01.18 01:35:24 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\VMLoad
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011.09.09 18:20:01 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011.09.09 19:20:13 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011.09.09 20:20:06 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011.09.09 21:21:23 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011.09.09 22:21:27 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011.09.09 23:20:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011.09.09 18:03:24 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011.09.09 23:47:06 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.05 00:25:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\.minecraft
[2011.02.15 15:17:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Adobe
[2010.11.11 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Adobe Mini Bridge CS5
[2011.01.23 21:55:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ArcSoft
[2010.10.07 16:20:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ATI
[2010.11.04 14:32:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Avira
[2010.11.03 19:37:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Corel
[2010.12.26 22:05:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DAEMON Tools Lite
[2010.10.14 17:02:19 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DivX
[2011.07.27 13:52:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DVDVideoSoft
[2011.03.29 13:08:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.30 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Free Download Manager
[2011.09.09 23:39:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ICQ
[2010.10.07 15:28:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Identities
[2010.11.04 20:44:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ijjigame
[2011.09.08 21:56:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\InstallShield
[2010.10.07 15:32:34 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Macromedia
[2010.11.20 13:05:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Macrovision
[2011.09.09 20:46:38 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Media Center Programs
[2011.09.08 15:40:57 | 000,000,000 | --SD | M] -- C:\Users\Steve\AppData\Roaming\Microsoft
[2011.05.15 18:26:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MotioninJoy
[2011.03.11 11:08:13 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla
[2011.05.23 16:39:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OCS
[2011.04.21 01:34:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ooVoo Details
[2011.02.22 11:46:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OpenOffice.org
[2011.05.23 16:39:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Opera
[2010.11.03 19:58:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Publish Providers
[2011.05.16 22:43:58 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Samsung
[2010.11.25 17:02:31 | 000,000,000 | RH-D | M] -- C:\Users\Steve\AppData\Roaming\SecuROM
[2011.08.31 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Skype
[2011.08.31 16:02:19 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\skypePM
[2010.12.14 19:42:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sony
[2010.11.11 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.03 20:22:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TS3Client
[2011.07.31 15:43:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Tunngle
[2010.10.25 20:50:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Ulead Systems
[2011.06.22 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\vlc
[2011.01.18 01:35:24 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\VMLoad
[2010.10.07 17:10:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WinRAR
[2010.12.10 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2010.11.04 12:55:47 | 000,393,216 | ---- | M] (Acresso Software Inc.) -- C:\Users\Steve\AppData\Roaming\ijjigame\setup.exe
[2011.06.05 20:24:46 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Steve\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2011.06.05 20:24:46 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Steve\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2011.06.05 20:24:46 | 000,008,854 | R--- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2011.05.23 16:39:09 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Steve\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.05.23 16:39:09 | 000,040,960 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2010.10.07 16:01:49 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2010.10.07 16:02:22 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2010.10.07 16:02:22 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2010.10.07 16:02:21 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2010.10.07 16:01:49 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2010.10.07 16:01:49 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.01.03 13:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.10.07 15:55:03 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2010.10.07 15:55:03 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.12.26 19:54:45 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.19 00:34:10 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2008.01.19 00:34:10 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
--- --- ---
Alt 11.09.2011, 12:44   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir - Standard

trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir


Zitat:
c:\downloads\corel paint shop pro x3\Keygen\cpspp.x3_keygen.exe (Trojan.Dropper.PGen) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-3304485110-2132740420-26872689-1000\$rg0awp6.com]\SONY_VEG.COM\ACTIVACI\PATCH\KEYGEN_D.EXE (Trojan.Agent) -> No action taken.


Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir
5 minuten, angemeldet, antivir, avira, c:\windows, computer, datei, entfernen, forum, gesucht, heutige, kommt immer wieder, langsamer, maleware, maleware gefunden, meldungen, minuten, notebook, ordner, recht, temp, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner, trotz, virus, vista, windows, windows vista


« SASW-Scan findet PSGuard und Trojan.Agent/Gen-Krpytik | searchqu.com/406 löschen unter Windows XT »


Ähnliche Themen: trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir


  1. db29.exe. kommt immer wieder trotz virenscan und quarantäne
    Plagegeister aller Art und deren Bekämpfung - 26.02.2015 (16)
  2. Antivir findet immer wieder TR/atraps.gen, TR/atraps.gen2 , HTML/expKit.Gen3
    Log-Analyse und Auswertung - 17.11.2013 (12)
  3. vermutlich von einem Trojaner infiziert - TR/Crypt.XPACK.Gen3 wurde von Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 13.08.2013 (9)
  4. Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen?
    Log-Analyse und Auswertung - 18.06.2013 (78)
  5. Trojaner BDS/ZeroAccess.Gen in Datei C:\Recycle.Bin\... von Avira Antivir erkannt und kommt immer wieder
    Log-Analyse und Auswertung - 01.06.2013 (21)
  6. GVU, Polizei, BKA Trojaner kommt immer und immer wieder
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (3)
  7. TR/Crypt.XPACK.Gen2 unter SysVolInf kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 29.08.2012 (3)
  8. TR/ATRAPS.Gen2 mit antivir gefunden kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (4)
  9. Antivir hat die Trojaner Tiny.psa, Dropper.Gen und Crypt.XPACK.Gen3 gefunden
    Plagegeister aller Art und deren Bekämpfung - 01.03.2011 (3)
  10. Trojaner kommt immer wieder
    Log-Analyse und Auswertung - 05.08.2010 (19)
  11. Bitte um HiJack-Logfile Auswertung - AntiVir findet Trojaner der immer wieder kommt
    Log-Analyse und Auswertung - 23.07.2010 (1)
  12. Virus der immer wieder kommt trotz Formatierung
    Plagegeister aller Art und deren Bekämpfung - 03.04.2010 (7)
  13. Trojaner kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 02.06.2009 (1)
  14. ALEUpdat.exe trotz formatierung kommt es immer wieder
    Mülltonne - 22.12.2008 (0)
  15. Trojaner kommt immer wieder...
    Log-Analyse und Auswertung - 24.08.2008 (11)
  16. Trojaner, kommt immer wieder...!
    Plagegeister aller Art und deren Bekämpfung - 14.01.2007 (3)
  17. AntiVir findet und löscht "TR/Dldr.Small.ayl.0" -Der Trojaner kommt aber immer wieder
    Log-Analyse und Auswertung - 24.02.2006 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir - Hallöchen Ich habe mich soeben in diesem Forum angemeldet in der Hoffung, dass mir jemand helfen kann. Ich bin im Umgang mit dem Computer und Windows Vista generell recht versiert. - trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir...
Archiv
Du betrachtest: trojaner TR/Grypt.XPACK.Gen3 kommt immer wieder trotz entfernen mit Antivir auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131