17 alerts from Avira: TR/Crypt.XPACK.Gen (Windows 7)

#1
17 alerts from Avira: TR/Crypt.XPACK.Gen

Dear Sir or Madam,

I need help regarding an alert from one of my antivirus programs: Avira AntiVir showed me the following trojan: TR/Crypt.XPACK.Gen, 17 times!!! The files were moved to quarantine. I have several antivirus programs and an additional firewall, because I am very paranoid! The programs in use are: Comodo Internet Security Premium, Avast, AntiVir and a firewall from ZoneAlarm. Since my PC knowledge is limited, I went looking through forums for possible solutions and have a HijackThis, an AntiVir and an OTL "scan list" to present. I hope I can be helped, and I would like to thank you in advance for any help.

Code:
[OTL logfile created on 11.10.2010 02:31:52 - Run 1, OTL by OldTimer, Windows 7 Home Premium 64-bit; the full scan log is omitted here]
[2010.09.21 21:32:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2010.09.21 21:32:15 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2010.09.21 21:32:15 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2010.09.21 21:32:14 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2010.09.21 21:32:14 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2010.09.21 21:32:13 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2010.09.21 21:32:13 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2010.09.18 18:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios [2010.09.18 18:20:04 | 000,000,000 | ---D | C] -- C:\Users\BG\Documents\Stronghold 2 [2010.09.18 18:17:53 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2010.09.18 18:17:53 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2010.09.18 18:17:52 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2010.09.18 18:17:52 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2010.09.18 18:17:52 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2010.09.18 18:17:52 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2010.09.18 18:17:51 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2010.09.18 18:17:51 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2010.09.18 18:17:50 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2010.09.18 18:17:50 | 000,354,072 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\xactengine2_2.dll [2010.09.18 18:17:50 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2010.09.18 18:17:50 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2010.09.18 18:17:50 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2010.09.18 18:17:50 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2010.09.18 18:17:49 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2010.09.18 18:17:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2010.09.18 18:17:48 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2010.09.18 18:17:48 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2010.09.18 18:17:43 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2010.09.18 18:17:43 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2010.09.18 18:17:43 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2010.09.18 18:17:43 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2010.09.18 18:17:42 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2010.09.18 18:17:42 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2010.09.18 18:17:41 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2010.09.18 18:17:41 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2010.09.18 18:17:40 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2010.09.18 18:17:39 | 003,767,504 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3dx9_26.dll [2010.09.18 18:17:39 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2010.09.18 18:17:38 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2010.09.18 18:17:38 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2010.09.18 18:17:38 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2010.09.18 18:17:38 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2010.09.18 18:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios [2010.09.12 21:19:48 | 000,000,000 | ---D | C] -- C:\da9d2d5a2cb9caf1a0ea03 [2010.09.12 20:59:16 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2010.09.12 20:59:16 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010.09.12 20:59:16 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2010.09.12 20:59:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010.09.12 20:59:16 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2010.09.12 20:59:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010.09.12 20:59:16 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010.09.12 20:59:16 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2010.09.12 20:07:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.09.12 20:07:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.09.12 20:07:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.09.12 20:07:50 | 000,176,640 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.09.12 20:07:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.09.12 20:07:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.09.12 20:07:14 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.09.12 20:07:13 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.09.12 20:07:13 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.09.12 20:07:01 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010.09.12 20:07:00 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010.09.12 20:07:00 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2010.09.12 20:06:59 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010.09.12 20:06:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2010.09.12 20:06:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010.09.12 20:06:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010.09.12 20:06:54 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010.09.12 20:06:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010.09.12 20:06:53 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2010.09.12 20:06:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.09.12 20:06:52 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.09.12 20:06:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.09.12 20:06:52 | 
000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.09.12 20:06:38 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010.09.12 20:06:27 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010.09.12 20:06:17 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.11 02:37:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.11 02:35:21 | 002,621,440 | -HS- | M] () -- C:\Users\BG\NTUSER.DAT [2010.10.11 02:31:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2010.10.11 02:00:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.11 02:00:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.11 01:53:09 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.11 01:52:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.11 01:52:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.11 01:51:59 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys [2010.10.11 01:50:57 | 003,332,500 | -H-- | M] () -- C:\Users\BG\AppData\Local\IconCache.db [2010.10.10 04:56:59 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.09 12:47:19 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2010.10.09 02:01:28 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk [2010.10.09 01:03:36 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.10.09 00:46:24 | 000,420,800 | ---- | M] 
() -- C:\Windows\SysNative\drivers\vsconfig.xml [2010.10.09 00:46:02 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml [2010.10.09 00:46:02 | 000,001,066 | ---- | M] () -- C:\Users\BG\Desktop\ZoneAlarm Security.lnk [2010.10.09 00:35:50 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk [2010.10.09 00:31:28 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.09 00:12:48 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE [2010.10.02 19:27:47 | 001,512,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.10.02 19:27:47 | 000,659,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.10.02 19:27:47 | 000,620,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.10.02 19:27:47 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.10.02 19:27:47 | 000,108,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.10.02 12:02:53 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys [2010.10.02 11:43:26 | 000,000,945 | ---- | M] () -- C:\Users\BG\Desktop\XMind.lnk [2010.10.02 11:41:53 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2010.10.02 11:41:52 | 000,000,988 | ---- | M] () -- C:\Users\BG\Desktop\Glary Utilities.lnk [2010.10.02 11:40:30 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Free Hide IP.lnk [2010.10.02 11:39:32 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2010.10.02 11:03:27 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.02 11:00:57 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2010.10.02 11:00:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010.10.02 09:48:11 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.09.26 04:15:47 | 000,019,456 | ---- | M] () -- C:\Users\BG\AppData\Local\WebpageIcons.db [2010.09.22 11:18:45 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2010.09.18 18:16:46 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold 2.lnk [2010.09.18 00:23:17 | 000,011,602 | ---- | M] () -- C:\Users\BG\Desktop\Microsoft Office Word-Dokument (neu).docx [2010.09.12 21:05:21 | 000,384,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.09.12 20:57:41 | 000,000,510 | ---- | M] () -- C:\Windows\win.ini [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.10 04:56:59 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.09 02:01:28 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk [2010.10.09 01:03:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.10.09 00:53:28 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat [2010.10.09 00:46:02 | 000,001,066 | ---- | C] () -- C:\Users\BG\Desktop\ZoneAlarm Security.lnk [2010.10.09 00:46:01 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml [2010.10.09 00:45:46 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2010.10.09 00:35:50 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk [2010.10.09 00:31:28 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.09 00:12:47 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.10.02 12:24:17 | 000,001,087 | ---- | C] () -- C:\Users\BG\Desktop\Secunia 
PSI.lnk [2010.10.02 12:13:38 | 000,442,208 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2010.10.02 12:13:38 | 000,442,208 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2010.10.02 12:13:38 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat [2010.10.02 12:13:38 | 000,028,732 | ---- | C] () -- C:\Windows\SysNative\ativvsny.dat [2010.10.02 12:13:38 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat [2010.10.02 12:13:38 | 000,026,936 | ---- | C] () -- C:\Windows\SysNative\ativvsnl.dat [2010.10.02 12:13:37 | 000,195,855 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2010.10.02 12:13:37 | 000,018,618 | ---- | C] () -- C:\Windows\atiogl.xml [2010.10.02 11:43:26 | 000,000,945 | ---- | C] () -- C:\Users\BG\Desktop\XMind.lnk [2010.10.02 11:43:01 | 000,013,920 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys [2010.10.02 11:41:53 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job [2010.10.02 11:41:52 | 000,000,988 | ---- | C] () -- C:\Users\BG\Desktop\Glary Utilities.lnk [2010.10.02 11:40:30 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Free Hide IP.lnk [2010.10.02 11:39:32 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk [2010.10.02 11:00:57 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2010.10.02 09:48:26 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys [2010.10.02 09:48:11 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.09.22 11:18:45 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2010.09.18 18:16:46 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold 2.lnk [2010.09.10 08:51:45 | 000,019,456 | ---- | C] () -- C:\Users\BG\AppData\Local\WebpageIcons.db [2010.03.21 22:06:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2010.03.21 21:53:40 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini [2010.03.09 16:07:29 | 000,007,605 | ---- | C] () -- C:\Users\BG\AppData\Local\Resmon.ResmonCfg [2010.02.07 23:50:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.04 19:08:17 | 000,000,000 | ---- | C] () -- C:\Users\BG\AppData\Roaming\wklnhst.dat [2009.09.06 10:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest ========== LOP Check ========== [2010.06.28 22:30:34 | 000,000,000 | -HSD | M] -- C:\Users\BG\AppData\Roaming\.# [2010.09.07 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\AusLogics [2010.09.07 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Canneverbe Limited [2010.09.09 07:10:20 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\carspider [2010.09.04 00:04:41 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\CheckPoint [2010.10.02 12:09:43 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Chilirec [2010.01.14 02:08:32 | 000,000,000 | ---D | 
M] -- C:\Users\BG\AppData\Roaming\DeepBurner [2010.08.19 17:15:27 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.25 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\EPSON [2010.10.02 11:40:35 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\FreeHideIP [2010.10.02 11:46:53 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\GlarySoft [2010.10.02 10:32:26 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\ICQ [2010.02.24 16:09:47 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2010.01.04 14:52:00 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2010.09.07 17:45:14 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\OpenCandy [2010.03.21 04:15:16 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\OpenOffice.org [2010.09.01 05:34:17 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\PhraseExpress [2010.01.04 19:08:20 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Template [2010.09.10 08:45:18 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Thunderbird [2010.10.09 01:03:36 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2010.10.02 11:41:53 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2010.09.09 21:20:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > Die Dateien wurden in die Quarantäne von AntiVir geschickt und befinden sich in den Verzeichnissen: Avira AntiVir Personal Erstellungsdatum der Reportdatei: Montag, 11. Oktober 2010 01:22 Es wird nach 2914079 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. 
Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (plain) [6.1.7600] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : BG-VAIO Versionsinformationen: BUILD.DAT : 32097 Bytes 19.04.2010 15:50:00 AVSCAN.EXE : 433832 Bytes 01.04.2010 11:37:35 AVSCAN.DLL : 56168 Bytes 30.03.2010 10:42:16 LUKE.DLL : 104296 Bytes 07.03.2010 17:32:59 LUKERES.DLL : 13672 Bytes 14.01.2010 10:59:47 VBASE000.VDF : 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 1372672 Bytes 19.11.2009 18:27:49 VBASE002.VDF : 3143680 Bytes 20.01.2010 16:37:42 VBASE003.VDF : 996864 Bytes 26.01.2010 15:37:42 VBASE004.VDF : 1579008 Bytes 05.03.2010 10:29:03 VBASE005.VDF : 2494464 Bytes 15.04.2010 07:48:50 VBASE006.VDF : 2294784 Bytes 02.06.2010 07:48:54 VBASE007.VDF : 4840960 Bytes 23.07.2010 07:49:01 VBASE008.VDF : 3454464 Bytes 13.09.2010 07:49:06 VBASE009.VDF : 2048 Bytes 13.09.2010 07:49:06 VBASE010.VDF : 2048 Bytes 13.09.2010 07:49:06 VBASE011.VDF : 2048 Bytes 13.09.2010 07:49:06 VBASE012.VDF : 2048 Bytes 13.09.2010 07:49:06 VBASE013.VDF : 172032 Bytes 15.09.2010 07:49:07 VBASE014.VDF : 144384 Bytes 18.09.2010 07:49:07 VBASE015.VDF : 129024 Bytes 21.09.2010 07:49:07 VBASE016.VDF : 126464 Bytes 23.09.2010 07:49:07 VBASE017.VDF : 146944 Bytes 27.09.2010 07:49:08 VBASE018.VDF : 133120 Bytes 29.09.2010 07:49:08 VBASE019.VDF : 134144 Bytes 01.10.2010 07:49:08 VBASE020.VDF : 131584 Bytes 05.10.2010 15:15:49 VBASE021.VDF : 119296 Bytes 07.10.2010 15:15:49 VBASE022.VDF : 2048 Bytes 07.10.2010 15:15:49 VBASE023.VDF : 2048 Bytes 07.10.2010 15:15:49 VBASE024.VDF : 2048 Bytes 07.10.2010 15:15:49 VBASE025.VDF : 2048 Bytes 07.10.2010 15:15:49 VBASE026.VDF : 2048 Bytes 07.10.2010 15:15:49 VBASE027.VDF : 2048 Bytes 07.10.2010 15:15:49 VBASE028.VDF : 2048 Bytes 07.10.2010 15:15:49 VBASE029.VDF : 2048 Bytes 07.10.2010 15:15:49 VBASE030.VDF : 2048 Bytes 07.10.2010 15:15:50 VBASE031.VDF 
: 66048 Bytes 08.10.2010 15:15:50 Engineversion : AEVDF.DLL : 106868 Bytes 02.10.2010 07:49:14 AESCRIPT.DLL : 1368443 Bytes 02.10.2010 07:49:14 AESCN.DLL : 127347 Bytes 02.10.2010 07:49:14 AESBX.DLL : 254324 Bytes 02.10.2010 07:49:14 AERDL.DLL : 635252 Bytes 02.10.2010 07:49:13 AEPACK.DLL : 471413 Bytes 02.10.2010 07:49:13 AEOFFICE.DLL : 201081 Bytes 02.10.2010 07:49:12 AEHEUR.DLL : 2941303 Bytes 02.10.2010 07:49:12 AEHELP.DLL : 242038 Bytes 02.10.2010 07:49:10 AEGEN.DLL : 401779 Bytes 02.10.2010 07:49:10 AEEMU.DLL : 393588 Bytes 02.10.2010 07:49:10 AECORE.DLL : 196982 Bytes 02.10.2010 07:49:09 AEBB.DLL : 53618 Bytes 02.10.2010 07:49:09 AVWINLL.DLL : 19304 Bytes 14.01.2010 10:59:10 AVPREF.DLL : 44904 Bytes 14.01.2010 10:59:07 AVREP.DLL : 62209 Bytes 18.02.2010 15:47:40 AVREG.DLL : 53096 Bytes 01.04.2010 11:35:44 AVSCPLR.DLL : 83816 Bytes 01.04.2010 11:39:49 AVARKT.DLL : 227176 Bytes 01.04.2010 11:22:11 AVEVTLOG.DLL : 203112 Bytes 26.01.2010 08:53:25 SQLITE3.DLL : 355688 Bytes 28.01.2010 11:57:53 AVSMTP.DLL : 63848 Bytes 16.03.2010 14:38:54 NETNT.DLL : 11624 Bytes 19.02.2010 13:40:55 RCIMAGE.DLL : 2550120 Bytes 28.01.2010 12:10:08 RCTEXT.DLL : 98152 Bytes 09.04.2010 13:14:28 Konfiguration für den aktuellen Suchlauf: Job Name..............................: avguard_async_scan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4d397961\guard_slideup.avp Protokollierung.......................: niedrig Primäre Aktion........................: reparieren Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: ein Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart 
Extensions...............: ein Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO, Makrovirenheuristik...................: ein Dateiheuristik........................: hoch Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Montag, 11. Oktober 2010 01:22 Der Suchlauf nach versteckten Objekten wird begonnen. Fehler in der ARK Library Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'guardhlp.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IELowutil.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VcmIAlzMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SOHCImp.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SOHPlMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SOHDs.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SOHDms.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VCFw.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SOHDBSvr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AvastUI.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden 
durchsucht Durchsuche Prozess 'realsched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SHTtray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AvastSvc.exe' - '1' Modul(e) wurden durchsucht Untersuchung der Systemdateien wird begonnen: Signiert -> 'C:\Windows\system32\svchost.exe' Signiert -> 'C:\Windows\system32\winlogon.exe' Signiert -> 'C:\Windows\explorer.exe' Signiert -> 'C:\Windows\system32\smss.exe' Signiert -> 'C:\Windows\system32\wininet.DLL' Signiert -> 'C:\Windows\system32\wsock32.DLL' Signiert -> 'C:\Windows\system32\ws2_32.DLL' Signiert -> 'C:\Windows\system32\services.exe' Signiert -> 'C:\Windows\system32\lsass.exe' Signiert -> 'C:\Windows\system32\csrss.exe' Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys' Signiert -> 'C:\Windows\system32\spoolsv.exe' Signiert -> 'C:\Windows\system32\alg.exe' Signiert -> 'C:\Windows\system32\wuauclt.exe' Signiert -> 'C:\Windows\system32\advapi32.DLL' Signiert -> 'C:\Windows\system32\user32.DLL' Signiert -> 'C:\Windows\system32\gdi32.DLL' Signiert -> 'C:\Windows\system32\kernel32.DLL' Signiert -> 'C:\Windows\system32\ntdll.DLL' Signiert -> 'C:\Windows\system32\ntoskrnl.exe' Signiert -> 'C:\Windows\system32\ctfmon.exe' Die Systemdateien wurden durchsucht ('21' Dateien) Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Windows\Temp\CAVE56A.tmp' C:\Windows\Temp\CAVE56A.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4867ea23.qua' verschoben! 
Beginne mit der Suche in 'C:\Windows\Temp\CAVE58A.tmp' C:\Windows\Temp\CAVE58A.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50f0c584.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE5CA.tmp' C:\Windows\Temp\CAVE5CA.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '02af9f6c.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE5DA.tmp' C:\Windows\Temp\CAVE5DA.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6498d0ae.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE60A.tmp' C:\Windows\Temp\CAVE60A.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '211cfd90.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE669.tmp' C:\Windows\Temp\CAVE669.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5e07cff1.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE6A8.tmp' C:\Windows\Temp\CAVE6A8.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '12bfe3bb.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE6E8.tmp' C:\Windows\Temp\CAVE6E8.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6ea7a3eb.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE727.tmp' C:\Windows\Temp\CAVE727.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '43fd8ca6.qua' verschoben! 
Beginne mit der Suche in 'C:\Windows\Temp\CAVE757.tmp' C:\Windows\Temp\CAVE757.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a95b73c.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE7A6.tmp' C:\Windows\Temp\CAVE7A6.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '36c99b0c.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE7E5.tmp' C:\Windows\Temp\CAVE7E5.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4770a299.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE853.tmp' C:\Windows\Temp\CAVE853.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '496a925e.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE883.tmp' C:\Windows\Temp\CAVE883.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0c43eb1c.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE8B3.tmp' C:\Windows\Temp\CAVE8B3.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0548efb7.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\CAVE8F2.tmp' C:\Windows\Temp\CAVE8F2.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d09f6de.qua' verschoben! Beginne mit der Suche in 'C:\Windows\Temp\_avast5_\unp243574309.tmp' C:\Windows\Temp\_avast5_\unp243574309.tmp [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '71d78f4f.qua' verschoben! Ende des Suchlaufs: Montag, 11. Oktober 2010 01:23 Benötigte Zeit: 00:34 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 
0 Verzeichnisse wurden überprüft
46 Dateien wurden geprüft
17 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
17 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
29 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
17 Hinweise
95 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Die Suchergebnisse werden an den Guard übermittelt.

And finally I can also provide a HijackThis report:

HijackThis logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:58:21, on 11.10.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe C:\program files (x86)\avira\antivir desktop\avcenter.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Users\BG\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=; R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 
'NETZWERKDIENST') O4 - Startup: Secunia PSI.lnk = C:\Program Files (x86)\Secunia\PSI\psi.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: NameServer =, O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. 
- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - 
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe O23 - 
Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12978 bytes

Many thanks and kind regards,
your baga1
#2
/// Winkelfunktion /// TB-Süch-Tiger™ | 17 reports from Avira: TR/Crypt.XPACK.Gen

Quote:

It is absolutely counterproductive to install so many programs of this category on one PC! COMODO and ZoneAlarm alone are already pointless! Uninstall all of these programs except AntiVir or Avast. So keep one virus scanner! Let me know when you are done.
#3
17 reports from Avira: TR/Crypt.XPACK.Gen

Quote:

Done.

Regards, baga1
#4
/// Winkelfunktion /// TB-Süch-Tiger™ | 17 reports from Avira: TR/Crypt.XPACK.Gen

Now please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan!

__________________
Please always post logfiles in CODE tags
#5
17 reports from Avira: TR/Crypt.XPACK.Gen

Hello Arne, thanks, that was quick. Full scan done, updated beforehand. Here is the result:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4796

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.10.2010 00:39:51
mbam-log-2010-10-12 (00-39-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 259803
Laufzeit: 43 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Regards, baga1
#6
/// Winkelfunktion /// TB-Süch-Tiger™ | 17 reports from Avira: TR/Crypt.XPACK.Gen

Then please make new logs with OTL:

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
#7
17 reports from Avira: TR/Crypt.XPACK.Gen

Hello Arne, I ran the scan; the file is attached. Thanks again:

OTL logfile: Code:
ATTFilter OTL logfile created on: 12.10.2010 17:11:34 - Run 2 OTL by OldTimer - Version Folder = C:\Users\BG\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,28 Gb Total Space | 393,97 Gb Free Space | 86,35% Space Free | Partition Type: NTFS Computer Name: BG-VAIO | User Name: BG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\BG\Downloads\OTL(2).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) 
========== Modules (SafeList) ========== MOD - C:\Users\BG\Downloads\OTL(2).exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation) SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys () DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) 
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) 
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.03 23:49:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.02 11:40:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.10 04:56:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.09.22 11:18:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010.09.10 08:45:20 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\mozilla\Extensions
[2010.09.10 08:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BG\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.12 17:11:00 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\mozilla\Firefox\Profiles\kphjp5z9.default\extensions
[2010.09.07 16:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BG\AppData\Roaming\mozilla\Firefox\Profiles\kphjp5z9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.04 00:04:31 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\BG\AppData\Roaming\mozilla\Firefox\Profiles\kphjp5z9.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2010.08.20 06:37:31 | 000,000,873 | ---- | M] () -- C:\Users\BG\AppData\Roaming\Mozilla\FireFox\Profiles\kphjp5z9.default\searchplugins\conduit.xml
[2010.09.26 19:02:06 | 000,000,944 | ---- | M] () -- C:\Users\BG\AppData\Roaming\Mozilla\FireFox\Profiles\kphjp5z9.default\searchplugins\icqplugin.xml
[2010.10.02 11:03:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.20 00:56:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 15:07:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe File not found
O4 - Startup: C:\Users\BG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files (x86)\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\EPSETUP.EXE -- File not found
O33 - MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.11 18:30:14 | 000,000,000 | ---D | C] -- C:\Programme\COMODO
[2010.10.10 04:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.10.10 04:55:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.09 00:43:44 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\Sunbelt Software
[2010.10.09 00:39:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.10.09 00:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.10.09 00:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.10.09 00:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010.10.09 00:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.10.09 00:31:36 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Malwarebytes
[2010.10.09 00:31:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.10.09 00:31:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.10.09 00:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.09 00:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.10.09 00:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2010.10.04 02:10:28 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\ElevatedDiagnostics
[2010.10.02 12:13:38 | 012,964,352 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2010.10.02 12:13:38 | 004,661,760 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2010.10.02 12:13:38 | 002,609,152 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2010.10.02 12:13:38 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010.10.02 12:13:37 | 017,199,616 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2010.10.02 12:13:37 | 006,106,624 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010.10.02 12:13:37 | 003,034,624 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2010.10.02 12:13:37 | 000,436,736 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010.10.02 12:13:37 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010.10.02 12:13:37 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010.10.02 12:13:37 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2010.10.02 12:13:37 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2010.10.02 12:13:37 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2010.10.02 12:13:37 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2010.10.02 12:13:37 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2010.10.02 12:13:37 | 000,043,008 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2010.10.02 12:13:37 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010.10.02 12:13:36 | 004,634,112 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2010.10.02 12:13:36 | 003,547,136 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2010.10.02 12:13:36 | 000,208,896 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2010.10.02 12:13:36 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010.10.02 12:13:36 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2010.10.02 12:13:36 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010.10.02 12:13:36 | 000,039,936 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2010.10.02 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\GlarySoft
[2010.10.02 11:43:15 | 000,000,000 | ---D | C] -- C:\Users\BG\Application Data
[2010.10.02 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\SlimWare Utilities Inc
[2010.10.02 11:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMind
[2010.10.02 11:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2010.10.02 11:40:35 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\FreeHideIP
[2010.10.02 11:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeHideIP
[2010.10.02 11:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeHideIP
[2010.10.02 11:39:31 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2010.10.02 10:03:12 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Avira
[2010.10.02 09:48:07 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.10.02 09:48:07 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.10.02 09:48:07 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.10.02 09:48:07 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.10.02 09:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.02 09:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.10.02 09:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010.10.02 09:46:42 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5
[2010.10.02 09:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
[2010.09.24 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\BG\Desktop\Mobile
[2010.09.23 11:47:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2010.09.22 11:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010.09.21 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\BG\Documents\My Games
[2010.09.21 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\My Games
[2010.09.21 21:32:18 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.09.21 21:32:18 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.09.21 21:32:18 | 000,021,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_2.dll
[2010.09.21 21:32:18 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2010.09.21 21:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2010.09.21 21:32:17 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010.09.21 21:32:17 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010.09.21 21:32:17 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010.09.21 21:32:17 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010.09.21 21:32:17 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010.09.21 21:32:17 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010.09.21 21:32:17 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010.09.21 21:32:17 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.09.21 21:32:16 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010.09.21 21:32:16 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010.09.21 21:32:16 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010.09.21 21:32:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010.09.21 21:32:16 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010.09.21 21:32:16 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010.09.21 21:32:15 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010.09.21 21:32:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010.09.21 21:32:15 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010.09.21 21:32:15 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010.09.21 21:32:14 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010.09.21 21:32:14 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010.09.21 21:32:13 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010.09.21 21:32:13 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010.09.18 18:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2010.09.18 18:20:04 | 000,000,000 | ---D | C] -- C:\Users\BG\Documents\Stronghold 2
[2010.09.18 18:17:53 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010.09.18 18:17:53 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010.09.18 18:17:52 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.09.18 18:17:52 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.09.18 18:17:52 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010.09.18 18:17:52 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010.09.18 18:17:51 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010.09.18 18:17:51 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010.09.18 18:17:50 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010.09.18 18:17:50 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010.09.18 18:17:50 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010.09.18 18:17:50 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010.09.18 18:17:50 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010.09.18 18:17:50 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010.09.18 18:17:49 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010.09.18 18:17:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010.09.18 18:17:48 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010.09.18 18:17:48 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010.09.18 18:17:43 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010.09.18 18:17:43 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010.09.18 18:17:43 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010.09.18 18:17:43 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010.09.18 18:17:42 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010.09.18 18:17:42 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010.09.18 18:17:41 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010.09.18 18:17:41 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010.09.18 18:17:40 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010.09.18 18:17:39 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.09.18 18:17:39 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.09.18 18:17:38 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010.09.18 18:17:38 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010.09.18 18:17:38 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010.09.18 18:17:38 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010.09.18 18:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2010.09.12 21:19:48 | 000,000,000 | ---D | C] -- C:\da9d2d5a2cb9caf1a0ea03
[2010.09.12 20:59:16 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.09.12 20:59:16 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.09.12 20:59:16 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.09.12 20:59:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.09.12 20:59:16 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.09.12 20:59:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.09.12 20:59:16 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.09.12 20:59:16 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.09.12 20:07:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.09.12 20:07:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.09.12 20:07:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.09.12 20:07:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.09.12 20:07:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.09.12 20:07:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.09.12 20:07:14 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.09.12 20:07:13 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.09.12 20:07:13 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.09.12 20:07:01 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.09.12 20:07:00 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.09.12 20:07:00 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.09.12 20:06:59 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.09.12 20:06:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.09.12 20:06:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.09.12 20:06:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.09.12 20:06:54 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.09.12 20:06:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.09.12 20:06:53 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.09.12 20:06:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.09.12 20:06:52 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.09.12 20:06:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.09.12 20:06:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.09.12 20:06:38 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.09.12 20:06:27 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.09.12 20:06:17 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.12 17:04:15 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 17:04:15 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 16:59:18 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.10.12 16:56:16 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.12 16:56:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.12 16:55:55 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.12 13:37:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.11 19:53:01 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010.10.10 04:56:59 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.09 02:01:28 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.10.09 01:03:36 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.10.09 00:31:28 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.09 00:12:48 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.02 19:27:47 | 001,512,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.02 19:27:47 | 000,659,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.02 19:27:47 | 000,620,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.02 19:27:47 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.02 19:27:47 | 000,108,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.02 12:02:53 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2010.10.02 11:43:26 | 000,000,945 | ---- | M] () -- C:\Users\BG\Desktop\XMind.lnk
[2010.10.02 11:41:53 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.10.02 11:41:52 | 000,000,988 | ---- | M] () -- C:\Users\BG\Desktop\Glary Utilities.lnk
[2010.10.02 11:40:30 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Free Hide IP.lnk
[2010.10.02 11:39:32 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2010.10.02 11:03:27 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.02 11:00:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.10.02 09:48:11 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.26 04:15:47 | 000,019,456 | ---- | M] () -- C:\Users\BG\AppData\Local\WebpageIcons.db
[2010.09.22 11:18:45 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.09.18 18:16:46 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2010.09.18 00:23:17 | 000,011,602 | ---- | M] () -- C:\Users\BG\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.09.12 21:05:21 | 000,384,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.10 04:56:59 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.09 02:01:28 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.10.09 01:03:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.10.09 00:53:28 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010.10.09 00:31:28 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.09 00:12:47 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.02 12:24:17 | 000,001,087 | ---- | C] () -- C:\Users\BG\Desktop\Secunia PSI.lnk
[2010.10.02 12:13:38 | 000,442,208 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010.10.02 12:13:38 | 000,442,208 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010.10.02 12:13:38 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.10.02 12:13:38 | 000,028,732 | ---- | C] () -- C:\Windows\SysNative\ativvsny.dat
[2010.10.02 12:13:38 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2010.10.02 12:13:38 | 000,026,936 | ---- | C] () -- C:\Windows\SysNative\ativvsnl.dat
[2010.10.02 12:13:37 | 000,195,855 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010.10.02 12:13:37 | 000,018,618 | ---- | C] () -- C:\Windows\atiogl.xml
[2010.10.02 11:43:26 | 000,000,945 | ---- | C] () -- C:\Users\BG\Desktop\XMind.lnk
[2010.10.02 11:43:01 | 000,013,920 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2010.10.02 11:41:53 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.10.02 11:41:52 | 000,000,988 | ---- | C] () -- C:\Users\BG\Desktop\Glary Utilities.lnk
[2010.10.02 11:40:30 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Free Hide IP.lnk
[2010.10.02 11:39:32 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2010.10.02 09:48:26 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.10.02 09:48:11 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.22 11:18:45 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.09.18 18:16:46 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2010.09.10 08:51:45 | 000,019,456 | ---- | C] () -- C:\Users\BG\AppData\Local\WebpageIcons.db
[2010.03.21 22:06:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.03.21 21:53:40 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini
[2010.03.09 16:07:29 | 000,007,605 | ---- | C] () -- C:\Users\BG\AppData\Local\Resmon.ResmonCfg
[2010.02.07 23:50:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.04 19:08:17 | 000,000,000 | ---- | C] () -- C:\Users\BG\AppData\Roaming\wklnhst.dat
[2009.09.06 10:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

========== LOP Check ==========

[2010.06.28 22:30:34 | 000,000,000 | -HSD | M] -- C:\Users\BG\AppData\Roaming\.#
[2010.09.07 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\AusLogics
[2010.09.07 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Canneverbe Limited
[2010.09.09 07:10:20 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\carspider
[2010.09.04 00:04:41 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\CheckPoint
[2010.10.02 12:09:43 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Chilirec
[2010.01.14 02:08:32 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\DeepBurner
[2010.08.19 17:15:27 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.25 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\EPSON
[2010.10.02 11:40:35 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\FreeHideIP
[2010.10.02 11:46:53 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\GlarySoft
[2010.10.02 10:32:26 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\ICQ
[2010.02.24 16:09:47 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2010.01.04 14:52:00 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.09.07 17:45:14 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\OpenCandy
[2010.03.21 04:15:16 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\OpenOffice.org
[2010.09.01 05:34:17 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\PhraseExpress
[2010.01.04 19:08:20 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Template
[2010.09.10 08:45:18 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Thunderbird
[2010.10.09 01:03:36 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.10.02 11:41:53 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010.09.09 21:20:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
#8
/// Winkelfunktion /// TB-Süch-Tiger™
17 alerts from Avira: TR/Crypt.XPACK.Gen

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\EPSETUP.EXE -- File not found
O33 - MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
[2010.06.28 22:30:34 | 000,000,000 | -HSD | M] -- C:\Users\BG\AppData\Roaming\.#
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post logfiles in CODE tags
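A small triage script, added by the editor as an illustration (it is not part of this thread and not OTL's own logic): it runs the kinds of checks the fix list above reflects over OTL scan lines and lists the items a reviewer should look at. The sample lines are constructed from values in this thread plus one made-up benign driver line as a control; the rule labels and regular expressions are assumptions of this example.

```python
import re

# Constructed sample of OTL scan-log lines in the shapes used in this thread; the
# first six carry values the fix list targets, the last is a made-up benign control.
SAMPLE_SCAN = r"""
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
O33 - MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
[2010.06.28 22:30:34 | 000,000,000 | -HSD | M] -- C:\Users\BG\AppData\Roaming\.#
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
DRV:64bit: - (examplesvc) -- C:\Windows\SysNative\drivers\example.sys (Example Vendor)
"""

# Heuristics are the editor's reading of what the fix above removed, not OTL's own
# logic: each rule names a condition and extracts the item worth a closer look.
RULES = [
    ("driver with no company name in its version info",
     re.compile(r"^DRV.* -- (?P<target>\S+) \(\)$")),
    ("IE proxy server configured (browser traffic may be redirected)",
     re.compile(r'^IE - .*"ProxyServer" = (?P<target>.+)$')),
    ("Firefox search pref overridden (possible search hijack)",
     re.compile(r'^FF - prefs\.js\.\.browser\.search\.\w+: "(?P<target>.*)"$')),
    ("AutoRun command stored for a removable drive",
     re.compile(r'^O33 - MountPoints2.*\\AutoRun\\command - "" = (?P<target>.+?)(?: -- File not found)?$')),
    ("hidden+system directory under the user profile",
     re.compile(r"^\[.*\| -HSD \| M\] -- (?P<target>.+)$")),
    ("alternate data stream (not visible in a normal directory listing)",
     re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<target>.+)$")),
]


def triage_otl(text):
    """Return (label, target) pairs for every scan line that matches a rule."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        for label, pat in RULES:
            m = pat.match(line)
            if m:
                findings.append((label, m.group("target")))
                break  # first matching rule wins: one finding per line
    return findings


if __name__ == "__main__":
    for label, target in triage_otl(SAMPLE_SCAN):
        print(f"{label}: {target}")
```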
#9
17 alerts from Avira: TR/Crypt.XPACK.Gen

Hello Arne, attached is the editor file that opened after the restart. Is what I entered into OTL here also applicable to other PCs, or is it only for mine specifically? What should I do now? Thanks again. Regards, Baga

All processes killed
========== OTL ==========
Service SWDUMon stopped successfully!
Service SWDUMon deleted successfully!
C:\Windows\SysNative\drivers\SWDUMon.sys moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search" removed from browser.search.selectedEngine
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\ not found.
File F:\EPSETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\ not found.
File F:\Autorun.exe not found.
C:\Users\BG\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: BG
->Temp folder emptied: 2079998 bytes
->Temporary Internet Files folder emptied: 117562 bytes
->Java cache emptied: 71580376 bytes
->FireFox cache emptied: 61474828 bytes
->Flash cache emptied: 1300 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 162861 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 129,00 mb

OTL by OldTimer - Version log created on 10132010_142900

Files\Folders moved on Reboot...
C:\Users\BG\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\BG\AppData\Local\Temp\~DF208CEA56ECA962DB.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF21107C826C63CDB4.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF24A7D43B8C01CA7D.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF3217620403E6558D.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF5A509C5CB5555A3C.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF6BB4FDBA8103632C.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF9317F639F2F9CE3D.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF9E3E9EFB02729C49.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DFA60288FF3407E88C.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DFD1C366D6C0004BD4.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DFD974A0AC9D71E443.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DFE8B86805550930BE.TMP not found!

Registry entries deleted on Reboot...
#10
17 alerts from Avira: TR/Crypt.XPACK.Gen

Oh, and did I have a serious infection?
#11
/// Winkelfunktion /// TB-Süch-Tiger™
17 alerts from Avira: TR/Crypt.XPACK.Gen

Please download MBRCheck (by a_d_13) and save the file to the desktop.