
Pests of all kinds and how to fight them: TR\Crypt.XPACK.Gen.3


 
18.03.2012, 19:44   #1
Tremor
 
TR\Crypt.XPACK.Gen.3




Hello, today I caught the trojan "TR\Crypt.XPACK.Gen.3" (according to Antivir). Supposedly my hard drive is now defective; the desktop background is missing, as are all shortcuts and the entire Start menu.


The following error message also keeps popping up:

Quote:
Failed to save all the components for the file \\System32\\0000246d. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.
This repeats with different files, "\\00002eb2", "00004c90", etc.

Antivir reported:

Code:
The file 'C:\Users\Matt\AppData\Local\Temp\9SXYol5OHJoZM5.exe'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan].
Action(s) taken:
The file was moved to the quarantine directory under the name '4ac24354.qua'!


I ran Anti-Malware over it, but it didn't help.

Log:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.18.02

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
**** :: ****-PC [Administrator]

18.03.2012 15:55:09
mbam-log-2012-03-18 (15-55-09).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 937961
Time elapsed: 3 hour(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
F:\Programme\Steam\SteamApps\common\bunch of heroes\keyconfig.exe (Trojan.FakeMSGen) -> Quarantined and deleted successfully.

(end)

Here is the OTL logfile:
Code:
OTL logfile created on: 18.03.2012 19:07:55 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,11% Memory free
6,22 Gb Paging File | 4,58 Gb Available in Paging File | 73,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 58,04 Gb Free Space | 20,15% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,47 Gb Free Space | 64,68% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 398,79 Gb Free Space | 42,81% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\mF90qQFOIStw2F.exe ( )
PRC - C:\ProgramData\ycVEDYkOmkxvLr.exe ( )
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Logitech\SetPointG\SetPointII.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Matt\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\b7bf9745b6ac67086c7364ee34174c51\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9eb937785d5a8bc2767ae7efcdd29d43\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (X4HSX32) -- C:\Program Files\GameTap\bin\Release\X4HSX32.Sys File not found
DRV - (PCANDIS4) -- C:\Windows\system32\PCANDIS4.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (ewdmaudn) -- C:\Users\Matt\AppData\Local\Temp\ewdmaudn.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (cpuz130) -- C:\Users\Matt\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avo6xkg8) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (XENfiltv) -- C:\Windows\System32\drivers\XENfiltv.sys (Creative Technology Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (PRISM_A02) -- C:\Windows\System32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070704
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070704
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\..\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}: "URL" = hxxp://www.wcsearch.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 98.109.55.193:5743
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "GoogleCOM"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "GoogleCOM"
FF - user.js..keyword.URL: "hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npgametaptool,version=1.0: C:\Program Files\GameTap\bin\Release\npgametaptool.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6d: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS1002010_SUA_000\npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.16 23:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.27 16:53:36 | 000,000,000 | ---D | M]
 
[2008.06.30 16:24:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\mozilla\Extensions
[2012.02.24 17:25:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\ldbwc78w.default\extensions
[2010.04.29 17:08:05 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\ldbwc78w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.18 15:00:51 | 000,000,000 | -H-D | M] (German Dictionary) -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\ldbwc78w.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2008.07.14 20:50:05 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\ldbwc78w.default\extensions\moveplayer@movenetworks.com
[2012.02.01 19:06:30 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\ldbwc78w.default\extensions\toolbar@ask.com
[2009.02.23 11:18:24 | 000,000,894 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\conduit.xml
[2012.03.12 15:18:33 | 000,000,950 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-1.xml
[2007.09.21 10:56:07 | 000,000,949 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-2.xml
[2007.10.20 20:45:31 | 000,000,949 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-3.xml
[2007.11.02 20:24:27 | 000,000,949 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-4.xml
[2007.11.29 14:33:08 | 000,000,949 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-5.xml
[2007.12.01 16:33:03 | 000,000,949 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-6.xml
[2008.02.19 18:16:46 | 000,000,951 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin.xml
[2011.11.24 01:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.03.04 12:06:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.21 00:01:07 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2011.03.30 21:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2011.03.30 21:32:24 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@gmx.net
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LDBWC78W.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LDBWC78W.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LDBWC78W.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LDBWC78W.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.03.16 23:13:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.05.27 09:50:02 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012.03.16 23:13:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.16 23:13:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.16 23:13:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.18 00:09:53 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2008.12.23 15:58:14 | 000,001,307 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-com.xml
[2012.03.16 23:13:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.16 23:13:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.16 23:13:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.03 14:36:47 | 000,412,757 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	163ns.com
O1 - Hosts: 14253 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ycVEDYkOmkxvLr.exe] C:\ProgramData\ycVEDYkOmkxvLr.exe ( )
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] F:\Programme\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7720894E-7A6E-4A81-AB45-7D15C92E25E9}: NameServer = 10.24.40.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2B740F6-3B4D-4FB3-A34D-D0E2BA4A718D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f8682ffa-8c54-11de-aefa-0003c975525e}\Shell - "" = AutoRun
O33 - MountPoints2\{f8682ffa-8c54-11de-aefa-0003c975525e}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{fac83151-50d9-11dc-b564-0003c975525e}\Shell - "" = AutoRun
O33 - MountPoints2\{fac83151-50d9-11dc-b564-0003c975525e}\Shell\AutoRun\command - "" = K:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.18 19:06:05 | 000,389,024 | -H-- | C] (Bleeping Computer, LLC) -- C:\Users\Matt\Desktop\unhide.exe
[2012.03.18 19:05:32 | 000,594,432 | -H-- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012.03.18 15:19:06 | 000,000,000 | -H-D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.14 12:37:08 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 12:37:06 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.14 12:37:06 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 12:37:06 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.14 12:37:06 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.14 12:37:06 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.14 12:36:57 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.03.14 12:29:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.09 15:24:08 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.03.09 15:24:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.03.09 15:24:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.03.09 15:24:07 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.03.09 15:24:07 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.03.09 15:24:07 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.03.09 15:24:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.03.09 15:24:07 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.03.09 15:24:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.03.09 15:24:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.03.09 15:24:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.03.09 15:24:06 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.03.09 15:24:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.03.09 15:24:06 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.03.09 15:24:06 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.03.09 15:24:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.03.09 15:24:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.03.09 15:24:06 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.03.09 15:24:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.03.09 15:24:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.03.09 15:24:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.03.09 15:24:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.03.09 15:24:05 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.03.09 15:24:05 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.03.09 15:24:05 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.03.09 15:24:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.03.09 15:24:05 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.03.09 15:24:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.03.09 15:24:04 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.03.09 15:24:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.03.09 15:24:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.03.09 15:24:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.03.09 15:24:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.03.09 15:24:03 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.03.09 15:24:03 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.03.09 15:24:03 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.03.09 15:24:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.03.05 18:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012.03.05 18:25:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2012.03.05 18:24:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2012.03.04 18:26:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realistic Colors and Real Nights 2.0 - HDR Edition -
[2012.03.04 12:06:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.04 12:05:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Skype
[2012.03.03 17:20:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.02.27 20:41:12 | 000,000,000 | -H-D | C] -- C:\Users\Matt\Daedalic
[2012.02.27 16:53:36 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012.02.27 16:53:36 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.02.27 16:53:35 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.02.27 16:53:35 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.02.26 19:39:35 | 000,000,000 | -H-D | C] -- C:\Users\Matt\Desktop\PS3
[2012.02.22 16:15:19 | 000,000,000 | -H-D | C] -- C:\Users\Matt\AppData\Local\Daedalic Entertainment
[2012.02.22 16:12:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
[2012.02.22 16:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Daedalic Entertainment
[2012.02.20 14:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.02.20 14:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.02.20 14:07:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.02.20 14:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.02.20 13:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.02.20 13:57:26 | 000,000,000 | ---D | C] -- C:\AMD
[2012.02.20 13:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.02.19 23:38:19 | 000,000,000 | -H-D | C] -- C:\Users\Matt\Desktop\Humble Bundle
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.18 19:06:04 | 000,389,024 | -H-- | M] (Bleeping Computer, LLC) -- C:\Users\Matt\Desktop\unhide.exe
[2012.03.18 19:05:51 | 000,711,134 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.18 19:05:51 | 000,649,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.18 19:05:51 | 000,158,024 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.18 19:05:51 | 000,130,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.18 19:05:28 | 000,594,432 | -H-- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012.03.18 19:01:41 | 000,000,272 | ---- | M] () -- C:\ProgramData\~mF90qQFOIStw2F
[2012.03.18 19:01:41 | 000,000,192 | ---- | M] () -- C:\ProgramData\~mF90qQFOIStw2Fr
[2012.03.18 18:57:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.18 18:57:34 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.18 18:57:34 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.18 18:57:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.18 15:49:00 | 000,002,032 | -H-- | M] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2012.03.18 15:23:53 | 000,000,440 | ---- | M] () -- C:\ProgramData\mF90qQFOIStw2F
[2012.03.18 15:19:27 | 000,000,607 | -H-- | M] () -- C:\Users\Matt\Desktop\System Check.lnk
[2012.03.18 15:17:47 | 000,356,352 | ---- | M] ( ) -- C:\ProgramData\mF90qQFOIStw2F.exe
[2012.03.18 14:55:22 | 000,356,352 | ---- | M] ( ) -- C:\ProgramData\l8FKuuTQMiJGdz.exe
[2012.03.18 14:54:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 14:52:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.03.18 14:45:36 | 000,445,440 | ---- | M] ( ) -- C:\ProgramData\ycVEDYkOmkxvLr.exe
[2012.03.15 23:54:46 | 001,710,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.09 15:24:22 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.03.09 15:24:22 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.03.09 15:24:08 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.03.09 15:24:08 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.03.09 15:24:08 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.03.09 15:24:07 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.03.09 15:24:07 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.03.09 15:24:07 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.03.09 15:24:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.03.09 15:24:07 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.03.09 15:24:07 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.03.09 15:24:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.03.09 15:24:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.03.09 15:24:06 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.03.09 15:24:06 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.03.09 15:24:06 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.03.09 15:24:06 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.03.09 15:24:06 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.03.09 15:24:06 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.03.09 15:24:06 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.03.09 15:24:06 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.03.09 15:24:06 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.03.09 15:24:06 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.03.09 15:24:06 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.03.09 15:24:05 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.03.09 15:24:05 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.03.09 15:24:05 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.03.09 15:24:05 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.03.09 15:24:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.03.09 15:24:05 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.03.09 15:24:05 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.03.09 15:24:04 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.03.09 15:24:04 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.03.09 15:24:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.03.09 15:24:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.03.09 15:24:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.03.09 15:24:03 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.03.09 15:24:03 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.03.09 15:24:03 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.03.09 15:24:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.03.07 02:39:52 | 000,094,208 | -H-- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.03 18:32:38 | 000,087,465 | -H-- | M] () -- C:\Users\Matt\Desktop\me and the bigreal.jpg
[2012.03.03 18:31:33 | 000,361,672 | -H-- | M] () -- C:\Users\Matt\Desktop\me and the bigreal.psd
[2012.03.03 18:23:24 | 000,087,187 | -H-- | M] () -- C:\Users\Matt\Desktop\me and the big.jpg
[2012.02.29 20:21:24 | 000,042,392 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2012.02.27 16:53:17 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012.02.27 16:53:17 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.02.27 16:53:17 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.02.27 16:53:17 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.02.27 16:53:17 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.02.26 15:36:27 | 000,032,944 | -H-- | M] () -- C:\Users\Matt\Desktop\wirkungskette.jpg
[2012.02.25 19:58:49 | 000,002,595 | -H-- | M] () -- C:\Users\Matt\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.02.25 16:30:37 | 169,358,619 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.20 14:11:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.02.20 13:11:13 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.02.18 15:39:09 | 000,263,832 | -H-- | M] () -- C:\Users\Matt\Desktop\mw3.jpg
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.18 15:19:37 | 000,000,272 | ---- | C] () -- C:\ProgramData\~mF90qQFOIStw2F
[2012.03.18 15:19:37 | 000,000,192 | ---- | C] () -- C:\ProgramData\~mF90qQFOIStw2Fr
[2012.03.18 15:19:27 | 000,000,607 | -H-- | C] () -- C:\Users\Matt\Desktop\System Check.lnk
[2012.03.18 15:18:36 | 000,000,440 | ---- | C] () -- C:\ProgramData\mF90qQFOIStw2F
[2012.03.18 15:17:43 | 000,356,352 | ---- | C] ( ) -- C:\ProgramData\mF90qQFOIStw2F.exe
[2012.03.18 14:55:22 | 000,356,352 | ---- | C] ( ) -- C:\ProgramData\l8FKuuTQMiJGdz.exe
[2012.03.18 14:48:42 | 000,445,440 | ---- | C] ( ) -- C:\ProgramData\ycVEDYkOmkxvLr.exe
[2012.03.09 15:24:06 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.03.03 18:31:33 | 000,361,672 | -H-- | C] () -- C:\Users\Matt\Desktop\me and the bigreal.psd
[2012.03.03 18:30:51 | 000,087,465 | -H-- | C] () -- C:\Users\Matt\Desktop\me and the bigreal.jpg
[2012.03.03 18:23:19 | 000,087,187 | -H-- | C] () -- C:\Users\Matt\Desktop\me and the big.jpg
[2012.02.29 20:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012.02.26 15:36:27 | 000,032,944 | -H-- | C] () -- C:\Users\Matt\Desktop\wirkungskette.jpg
[2012.02.25 16:39:46 | 000,002,595 | -H-- | C] () -- C:\Users\Matt\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.02.20 14:11:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.18 15:39:08 | 000,263,832 | -H-- | C] () -- C:\Users\Matt\Desktop\mw3.jpg
[2011.12.06 03:10:38 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.11.30 12:07:00 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011.11.14 20:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.07 14:21:34 | 000,000,000 | -H-- | C] () -- C:\Users\Matt\AppData\Roaming\chrtmp
[2011.09.20 12:37:07 | 000,032,434 | ---- | C] () -- C:\Windows\System32\xfiXEN.ini
[2011.09.20 12:37:07 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
[2011.09.20 12:37:07 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini
[2011.09.20 12:37:00 | 000,186,880 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011.09.20 12:37:00 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.22 17:24:33 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.07 19:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.01.02 17:55:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.10.30 00:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.10.04 18:39:55 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2010.09.24 14:31:10 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.23 14:24:18 | 005,653,224 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.08.23 14:24:18 | 000,015,341 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010.07.30 10:26:45 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.07.23 13:13:33 | 000,029,847 | ---- | C] () -- C:\Windows\scunin.dat
[2010.06.11 15:46:51 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
 
========== LOP Check ==========
 
[2011.09.20 21:25:45 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011.03.22 14:20:33 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\.Nitrous
[2009.12.29 00:45:47 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Atari
[2012.01.22 16:46:59 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Azureus
[2009.04.12 14:24:56 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Bioshock
[2007.09.03 22:57:38 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2009.12.23 18:21:35 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Braid
[2007.09.27 13:50:21 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Codemasters
[2009.08.19 01:37:29 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
[2009.02.04 22:18:30 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\FarmingSimulator2008Demo
[2011.09.02 00:16:26 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2011.06.29 01:09:38 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\FreeFLVConverter
[2009.04.13 23:39:40 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\GetRightToGo
[2010.08.07 18:01:10 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\ICQ
[2007.07.19 17:58:41 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\ICQ Toolbar
[2011.09.18 15:50:00 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Image Zone Express
[2008.04.17 17:32:19 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\InfraRecorder
[2009.05.20 20:47:28 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\JonDo
[2011.12.08 18:34:47 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2010.09.17 18:49:23 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\LucasArts
[2010.08.27 17:33:01 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Miranda
[2011.01.04 03:19:09 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\mkvtoolnix
[2009.04.24 22:32:42 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\MobMapUpdater
[2009.06.11 16:36:55 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\My Games
[2012.01.14 19:41:25 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\NationRed
[2010.12.17 22:35:57 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Need for Speed World
[2009.02.02 16:52:06 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\OpenOffice.org
[2011.09.28 15:07:30 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Origin
[2007.11.25 22:19:02 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Printer Info Cache
[2011.07.22 17:24:39 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Red Alert 3
[2011.07.30 15:02:34 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Red Alert 3 Uprising
[2010.01.04 19:39:53 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\runic games
[2011.10.26 23:02:56 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Samsung
[2011.09.03 14:19:51 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Simfy
[2007.08.20 11:49:23 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Soldat
[2010.08.23 14:33:46 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Spesoft Audio Converter
[2008.09.07 18:55:54 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\SPORE Creature Creator
[2007.12.11 21:02:26 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Template
[2010.08.12 01:38:17 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\The Creative Assembly
[2010.12.28 16:44:15 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\The Path
[2012.03.15 21:20:45 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2010.11.17 19:30:56 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2008.04.23 21:41:56 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Turbine
[2011.07.21 02:21:27 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Unity
[2009.11.03 14:28:21 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Usenet.to
[2011.03.25 21:04:39 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2011.04.18 22:14:18 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\wargaming.net
[2011.01.29 00:51:05 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Xilisoft
[2011.01.15 01:59:37 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\ZombieDriver
[2012.03.18 14:52:19 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Can anyone help me? I found several similar cases, but the solutions there were too specific for me to be able to apply them to my own machine.

 

    Plagegeister aller Art und deren Bekämpfung - 29.07.2010 (4)
  15. TR/dldr.swizzor.gen2, TR/crypt.xpack.gen, TR/crypt.zpack.gen unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (15)
  16. Massives Trojaner Problem TR/Crypt.XPACK.Gen TR/dropper.Gen TR/Crypt.ASPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 21.03.2010 (1)
  17. Heftiger Trojaner Befall Crypt.XPACK.Gen/Click.YABECTOR.B.1/ Crypt.PEPM.Gen
    Log-Analyse und Auswertung - 28.12.2009 (1)

Zum Thema TR\Crypt.XPACK.Gen.3 - Hallo, habe mir heute den Trojaner "TR\Crypt.XPACK.Gen.3" eingefangen. (lt. Antivir). Angeblich ist nun meine Festplatte defekt, Desktop Hintergrund fehlt, alle Verknüfpungen + das komplette Start Menü. Immer wieder öffnet sich - TR\Crypt.XPACK.Gen.3...
Archiv
Du betrachtest: TR\Crypt.XPACK.Gen.3 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.