Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner TR/Crypt.XPACK.Gen3

Trojaner TR/Crypt.XPACK.Gen3


Log-Analyse und Auswertung: Trojaner TR/Crypt.XPACK.Gen3

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 05.06.2011, 23:13   #1
JoElZi
 
Trojaner TR/Crypt.XPACK.Gen3 - Standard

Trojaner TR/Crypt.XPACK.Gen3


Avira zeigt mir nun trotz mehrfacher Löschung zum widerholten Male an, dass TR/Crypt.XPACK.Gen3 gefunden wurde, diesmal in der Datei C:\Windows\tem\_avast4_\unp226623457.tmp

Hier einige Meldungen der letzten Tage, das ist allerdings nur eine Auswahl, es gibt etwa 70 dieser Meldungen, zuletzt hatte ich allerdings "nur" 8 Meldungen von 'TR/Crypt.XPACK.Gen' bzw. 'TR/Crypt.XPACK.Gen3' im Verzeichnis 'C:\Windows\temp\_avast4_\unpXXXXXXXX.tmp', wobei an XXXXXXXX immer ne andere Nummer steht:


In der Datei 'C:\Windows\temp\_avast4_\unp79236204.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Windows\temp\_avast4_\unp167925461.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Windows\temp\_avast4_\unp257347149.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Windows\temp\_avast4_\unp187307876.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Die Datei 'C:\Users\Sandra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-715d175d'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dldr.Scuds.A' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00555117.qua' verschoben!

Die Datei 'C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanndiskur98.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei konnte nicht gelöscht werden!

In der Datei 'C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanndiskur98.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Ich habe hier mal nach einem ähnlichen Problem gesucht und deshalb OTL laufen lassen, und folgende LOG-Files erhalten: Könnt ihr mir helfen? Danke!
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.06.2011 23:32:15 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Zille\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 40,35% Memory free
3,23 Gb Paging File | 1,55 Gb Available in Paging File | 47,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105,14 Gb Total Space | 67,07 Gb Free Space | 63,79% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 16,00 Gb Total Space | 15,91 Gb Free Space | 99,44% Space Free | Partition Type: NTFS
Drive F: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,55% Space Free | Partition Type: NTFS
Drive G: | 7,90 Gb Total Space | 7,83 Gb Free Space | 99,14% Space Free | Partition Type: NTFS
 
Computer Name: SANDRASPC | User Name: Zille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity 2010 PC-Welt Edition
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"VLC media player" = VLC media player 1.1.9
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2011 02:53:35 | Computer Name = SandrasPC | Source = ESENT | ID = 215
Description = WinMail (2924) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 03.06.2011 03:10:22 | Computer Name = SandrasPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Skype.exe, Version 5.1.32.112, Zeitstempel 0x4d403d34,
 fehlerhaftes Modul Skype.exe, Version 5.1.32.112, Zeitstempel 0x4d403d34, Ausnahmecode
 0xc0000005, Fehleroffset 0x00e6715a,  Prozess-ID 0x77c, Anwendungsstartzeit 01cc21bcde509f04.
 
Error - 03.06.2011 11:01:31 | Computer Name = SandrasPC | Source = EventSystem | ID = 4609
Description = 
 
Error - 03.06.2011 15:02:49 | Computer Name = SandrasPC | Source = EventSystem | ID = 4609
Description = 
 
Error - 03.06.2011 15:18:01 | Computer Name = SandrasPC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18602 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 330  Anfangszeit: 01cc2222b7ab374d  Zeitpunkt
 der Beendigung: 109
 
Error - 03.06.2011 15:25:12 | Computer Name = SandrasPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Skype.exe, Version 5.1.32.112, Zeitstempel 0x4d403d34,
 fehlerhaftes Modul Skype.exe, Version 5.1.32.112, Zeitstempel 0x4d403d34, Ausnahmecode
 0xc0000005, Fehleroffset 0x00e6715a,  Prozess-ID 0xc54, Anwendungsstartzeit 01cc222115ad055d.
 
Error - 04.06.2011 04:22:08 | Computer Name = SandrasPC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 04.06.2011 10:29:06 | Computer Name = SandrasPC | Source = MsiInstaller | ID = 11730
Description = 
 
Error - 04.06.2011 21:00:57 | Computer Name = SandrasPC | Source = VSS | ID = 12289
Description = 
 
Error - 04.06.2011 21:00:57 | Computer Name = SandrasPC | Source = VSS | ID = 12289
Description = 
 
[ System Events ]
Error - 17.03.2011 07:07:35 | Computer Name = SandrasPC | Source = DCOM | ID = 10016
Description = 
 
Error - 20.03.2011 08:06:11 | Computer Name = SandrasPC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 23.03.2011 08:49:57 | Computer Name = SandrasPC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 24.03.2011 02:37:09 | Computer Name = SandrasPC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 15.04.2011 18:34:18 | Computer Name = SandrasPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.04.2011 um 00:33:10 unerwartet heruntergefahren.
 
Error - 16.04.2011 22:45:35 | Computer Name = SandrasPC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 20.04.2011 10:00:05 | Computer Name = SandrasPC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 24.04.2011 11:54:32 | Computer Name = SandrasPC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 29.04.2011 06:16:12 | Computer Name = SandrasPC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.04.2011 06:16:12 | Computer Name = SandrasPC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
--- --- ---

UNDOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.06.2011 23:32:15 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Zille\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 40,35% Memory free
3,23 Gb Paging File | 1,55 Gb Available in Paging File | 47,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105,14 Gb Total Space | 67,07 Gb Free Space | 63,79% Space Free | Partition Type: NTFS
Drive D: | 2,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 16,00 Gb Total Space | 15,91 Gb Free Space | 99,44% Space Free | Partition Type: NTFS
Drive F: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,55% Space Free | Partition Type: NTFS
Drive G: | 7,90 Gb Total Space | 7,83 Gb Free Space | 99,14% Space Free | Partition Type: NTFS
 
Computer Name: SANDRASPC | User Name: Zille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zille\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Zille\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Programme\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
PRC - C:\Programme\G Data\InternetSecurity\GUI\GDSC.exe (G Data Software AG)
PRC - C:\Programme\G Data\InternetSecurity\AVK\AVK.exe (G Data Software AG)
PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Windows\System32\wsqmcons.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Zille\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (AVKService) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G DATA Software AG)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (28923652) -- C:\Windows\system32\DRIVERS\28923652.sys (Kaspersky Lab)
DRV - (setup_9.0.0.722_02.06.2011_06-11drv) -- C:\Windows\System32\drivers\2892365.sys (Kaspersky Lab)
DRV - (28923651) -- C:\Windows\System32\drivers\28923651.sys (Kaspersky Lab)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 FF A4 DB D2 22 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.17 20:25:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.06.05 19:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zille\AppData\Roaming\mozilla\Extensions
[2011.06.05 19:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zille\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (Gears) - {57CC507B-E60F-46E3-A6BC-678074531620} - C:\Users\Zille\AppData\Roaming\Gears\IE\Gears.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (AdobeReader) - {C38E40BD-AF96-4006-8EED-B2F41315CEB9} - C:\Users\Zille\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Corporation)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Skype]  File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Zille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_02.06.2011_06-11.lnk = C:\Users\Zille\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_02.06.2011_06-11\startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.12.22 09:17:07 | 000,000,605 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010.12.22 09:17:07 | 000,000,012 | R--- | M] () - D:\autorun.tag -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.05 23:31:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Zille\Desktop\OTL.exe
[2011.06.05 19:50:34 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\Mozilla
[2011.06.05 19:50:21 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\Thunderbird
[2011.06.05 19:50:21 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\Thunderbird
[2011.06.05 01:31:29 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\Avira
[2011.06.04 14:15:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.06.04 14:15:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.04 14:15:53 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.04 14:15:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.04 14:15:53 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.04 14:15:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.04 14:15:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.04 14:15:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.04 14:15:52 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.06.04 14:15:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.06.04 14:15:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.06.04 14:15:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.06.04 14:15:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.06.04 14:15:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.04 14:15:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.04 14:15:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.04 14:15:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.04 14:15:42 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.06.04 14:15:42 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.06.03 22:58:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.06.03 22:58:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.06.03 22:58:09 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.06.03 22:58:09 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.06.03 22:58:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011.06.03 22:58:08 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.06.03 22:58:08 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.06.03 22:58:08 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.06.03 22:58:07 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.06.03 22:58:06 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.06.03 22:58:06 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.06.03 22:58:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.06.03 22:58:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.06.03 22:58:05 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011.06.03 22:58:04 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.06.03 22:58:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.06.03 22:58:03 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.06.03 22:58:01 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.06.03 22:58:00 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.06.03 22:58:00 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011.06.03 22:58:00 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.06.03 22:58:00 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.06.03 22:58:00 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011.06.03 21:12:53 | 000,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011.06.03 20:53:08 | 000,055,624 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.06.03 20:53:07 | 000,028,616 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.06.03 20:52:16 | 000,047,560 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011.06.03 20:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
[2011.06.03 20:51:00 | 000,035,272 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.06.03 20:49:53 | 000,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.06.03 20:48:54 | 000,000,000 | ---D | C] -- C:\Programme\G Data
[2011.06.03 20:48:54 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\G DATA
[2011.06.03 20:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2011.06.03 08:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.06.03 08:36:52 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\NPE
[2011.06.03 01:15:44 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\Skype
[2011.06.02 21:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.06.02 21:35:49 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\2892365.sys
[2011.06.02 21:35:49 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\28923651.sys
[2011.06.02 21:35:49 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\28923652.sys
[2011.06.02 21:35:48 | 000,000,000 | ---D | C] -- C:\Users\Zille\Desktop\DE-Cleaner powered by Kaspersky
[2011.06.02 12:29:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.06.02 12:29:19 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\temp
[2011.06.02 12:28:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.06.02 12:00:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.02 12:00:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.02 12:00:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.02 11:59:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.06.02 11:54:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.02 10:55:11 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\Malwarebytes
[2011.06.02 10:55:03 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.02 10:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.02 10:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.02 10:54:57 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.02 10:54:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.20 01:18:17 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2011.05.20 01:16:39 | 000,000,000 | ---D | C] -- C:\b2de9709d56974dde71e10
[2011.05.19 13:13:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2011.05.19 13:13:49 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011.05.19 13:11:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.05.18 00:02:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.05.18 00:02:35 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.05.17 11:11:30 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.05.17 10:54:37 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011.05.17 10:54:37 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011.05.17 10:54:35 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011.05.17 10:54:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011.05.17 10:54:35 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011.05.17 10:54:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011.05.17 10:54:34 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011.05.17 10:54:34 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011.05.17 10:54:34 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011.05.17 10:54:33 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011.05.17 10:54:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011.05.17 10:54:33 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.05.17 10:54:33 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011.05.17 10:54:33 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011.05.17 10:54:33 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011.05.17 10:54:33 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011.05.17 10:54:32 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011.05.17 10:54:32 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011.05.17 10:54:31 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.05.17 10:54:31 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.05.17 10:54:31 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.05.17 10:54:31 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.05.17 10:54:31 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.05.17 10:50:30 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011.05.17 10:50:23 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.05.17 10:50:22 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.05.17 10:44:56 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.05.17 10:44:56 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.05.17 10:44:56 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.05.17 10:41:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.05.17 10:38:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.05.17 10:37:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.05.17 10:37:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.05.17 10:37:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.05.17 10:37:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.05.17 10:37:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.05.17 10:37:32 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.05.17 10:37:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.05.17 10:37:31 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.05.17 10:37:31 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.05.17 10:37:31 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.05.17 10:37:14 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.05.17 10:37:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.05.17 10:37:14 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.05.17 10:37:14 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.05.17 10:37:14 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.05.16 11:06:27 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.05.16 11:06:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011.05.16 11:05:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.05.16 11:05:46 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.05.16 11:05:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.05.16 11:05:42 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.05.16 11:05:30 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.05.16 11:05:29 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.05.16 11:05:24 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.05.16 11:05:23 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.05.16 11:05:15 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.05.16 11:05:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2011.05.16 11:05:02 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.05.16 11:04:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.05.16 11:04:47 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.05.16 11:04:04 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.05.16 11:04:01 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.05.16 11:03:23 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011.05.16 11:03:13 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.05.16 11:03:12 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.05.16 11:03:09 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.05.16 11:02:58 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.05.16 11:02:55 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.05.16 11:02:55 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.05.16 11:02:55 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.05.16 11:02:54 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.05.16 11:02:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.05.16 11:02:32 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.05.16 11:02:32 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.05.16 11:02:31 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.05.16 11:01:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.05.16 11:01:42 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011.05.16 11:01:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011.05.16 11:01:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.05.16 11:01:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.05.16 11:00:38 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011.05.16 11:00:38 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011.05.16 11:00:38 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011.05.15 14:56:52 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\Lexware
[2011.05.15 14:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2011.05.15 14:51:21 | 000,000,000 | ---D | C] -- C:\Programme\Lexware
[2011.05.15 14:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2011.05.15 14:28:53 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011.05.15 11:04:58 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\WindowsUpdate
[2011.05.15 11:03:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Lexware
[2011.05.15 11:03:01 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\Lexware
[2011.05.14 22:51:30 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.13 21:45:33 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\OpenCandy
[2011.05.13 21:45:27 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\optBeruby
[2011.05.13 21:45:27 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\OpenCandy
[2011.05.13 21:44:21 | 000,000,000 | ---D | C] -- C:\Programme\DsNET Corp
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.05 23:44:26 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.05 23:44:26 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.05 23:35:08 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.05 23:35:08 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.05 23:35:08 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.05 23:35:08 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.05 23:28:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Zille\Desktop\OTL.exe
[2011.06.05 23:22:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.05 19:49:48 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
[2011.06.05 19:44:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.05 01:46:57 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.05 01:45:33 | 1600,249,856 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.03 21:12:53 | 000,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011.06.03 20:53:08 | 000,055,624 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.06.03 20:53:07 | 000,028,616 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.06.03 20:52:16 | 000,047,560 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011.06.03 20:51:39 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2011.06.03 20:51:00 | 000,035,272 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.06.03 20:49:53 | 000,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.06.03 12:34:26 | 000,000,680 | ---- | M] () -- C:\Users\Zille\AppData\Roaming\SMRResults162.dat
[2011.06.03 08:48:12 | 010,788,289 | ---- | M] () -- C:\Users\Zille\AppData\Roaming\SMRBackup162.dat
[2011.06.02 21:38:24 | 000,002,270 | ---- | M] () -- C:\Users\Zille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_02.06.2011_06-11.lnk
[2011.06.02 10:55:04 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.23 12:46:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.19 13:16:17 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.05.18 06:17:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011.05.17 23:48:33 | 000,254,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.15 15:11:47 | 000,002,659 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer 2011.lnk
[2011.05.15 13:30:04 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011.05.15 13:29:57 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011.05.07 11:14:05 | 000,146,190 | ---- | M] () -- C:\Windows\hpoins18.dat
 
========== Files Created - No Company Name ==========
 
[2011.06.05 23:31:36 | 000,190,390 | ---- | C] () -- C:\Users\Zille\Desktop\Ornela.csv
[2011.06.05 23:31:36 | 000,046,768 | ---- | C] () -- C:\Users\Zille\Desktop\Ornela.sav
[2011.06.05 23:31:35 | 000,584,104 | ---- | C] () -- C:\Users\Zille\Desktop\Omas Liebling.JPG
[2011.06.05 23:31:35 | 000,024,998 | ---- | C] () -- C:\Users\Zille\Desktop\Mein Kalender.mcf
[2011.06.05 23:31:35 | 000,024,993 | ---- | C] () -- C:\Users\Zille\Desktop\Mein Kalender.mcf~
[2011.06.05 23:31:33 | 001,059,043 | ---- | C] () -- C:\Users\Zille\Desktop\josh_p.JPG
[2011.06.05 23:31:33 | 000,906,524 | ---- | C] () -- C:\Users\Zille\Desktop\jmedeth00282-0040.pdf
[2011.06.05 23:31:32 | 000,468,023 | ---- | C] () -- C:\Users\Zille\Desktop\FrTue.pdf
[2011.06.05 23:31:32 | 000,356,435 | ---- | C] () -- C:\Users\Zille\Desktop\Gemma.xps
[2011.06.05 23:31:32 | 000,144,496 | ---- | C] () -- C:\Users\Zille\Desktop\Georg-August-Universität Göttingen - Stellenangebote der Universität.mht
[2011.06.05 23:31:31 | 000,028,448 | ---- | C] () -- C:\Users\Zille\Desktop\Frammersbach.mcf~
[2011.06.03 23:04:46 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.06.03 20:51:39 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2011.06.03 12:34:25 | 000,000,680 | ---- | C] () -- C:\Users\Zille\AppData\Roaming\SMRResults162.dat
[2011.06.03 08:39:47 | 010,788,289 | ---- | C] () -- C:\Users\Zille\AppData\Roaming\SMRBackup162.dat
[2011.06.02 21:38:24 | 000,002,270 | ---- | C] () -- C:\Users\Zille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_02.06.2011_06-11.lnk
[2011.06.02 12:00:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.02 12:00:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.02 12:00:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.02 12:00:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.02 12:00:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.02 10:55:04 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.19 13:14:15 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.05.19 13:14:14 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.05.18 06:17:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011.05.17 10:54:37 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.17 10:54:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.05.17 10:54:33 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011.05.17 10:37:17 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.05.17 10:37:17 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.05.17 10:37:17 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.05.15 14:53:03 | 000,002,659 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer 2011.lnk
[2011.03.22 14:21:23 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.03.22 14:19:31 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.02.26 01:59:57 | 000,000,680 | ---- | C] () -- C:\Users\Zille\AppData\Local\d3d9caps.dat
[2006.11.02 17:33:31 | 000,623,280 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,125,184 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,254,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll

< End of report >
--- --- ---
Geändert von JoElZi (05.06.2011 um 23:38 Uhr)

 

Themen zu Trojaner TR/Crypt.XPACK.Gen3
.dll, 32 bit, adobe, avast, avira, de-cleaner, error, explorer, flash player, format, google, home, iexplore.exe, java/dldr.scuds.a, langs, lexware, logfile, mbamservice.exe, mozilla, mozilla thunderbird, msiinstaller, nodrives, oldtimer, plug-in, problem, programm, realtek, registry, rundll, scan, sched.exe, security, security scan, shell32.dll, software, start menu, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen', trojaner, vista, windows


« Auswertung & Kleines Problem | BKA Trojaner Log »


Ähnliche Themen: Trojaner TR/Crypt.XPACK.Gen3


  1. Trojaner tr/crypt.xpack.gen3, Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 30.06.2015 (13)
  2. Trojaner tr/crypt.xpack.gen3, Windows Vista
    Alles rund um Windows - 16.06.2015 (1)
  3. Trojaner TR/Crypt.XPACK.Gen3 auf meinem Computer
    Log-Analyse und Auswertung - 08.09.2014 (8)
  4. TR/Crypt.XPACK.Gen3 Trojaner und HTML/ExpKit.Gen3
    Log-Analyse und Auswertung - 14.06.2014 (13)
  5. Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen?
    Log-Analyse und Auswertung - 18.06.2013 (78)
  6. TR/Crypt.XPACK.Gen3 - Trojaner - DSL viel zu langsam
    Log-Analyse und Auswertung - 17.06.2013 (19)
  7. Avira Guard meldet TR/Crypt.XPACK.Gen3 - Trojaner
    Log-Analyse und Auswertung - 26.05.2013 (25)
  8. Trojaner TR/crypt.xpack.gen3 und TR/Fakealert.gbr324 nd gbr278
    Plagegeister aller Art und deren Bekämpfung - 23.05.2013 (1)
  9. TR/Crypt.XPACK.Gen, TR/Sirefef.BV.2, TR/Crypt.XPACK.Gen3, TR/PSW.Karagany.A.73
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (2)
  10. TR/Crypt.XPACK.Gen3 Trojaner
    Log-Analyse und Auswertung - 13.12.2011 (10)
  11. TR/Crypt.XPACK.Gen3 Trojaner gefunden!
    Log-Analyse und Auswertung - 26.06.2011 (1)
  12. Trojaner TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 24.06.2011 (3)
  13. Problem mit ein Trojaner TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 03.03.2011 (56)
  14. Antivir hat die Trojaner Tiny.psa, Dropper.Gen und Crypt.XPACK.Gen3 gefunden
    Plagegeister aller Art und deren Bekämpfung - 01.03.2011 (3)
  15. Virus + Trojaner ( TR/Crypt.XPACK.Gen3 ?)
    Plagegeister aller Art und deren Bekämpfung - 19.10.2010 (0)
  16. Trojaner TR/Crypt.XPACK.Gen3 und TR/Agent.aym.2 in svchost.exe und shell.exe
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (1)
  17. TR/Crypt.XPACK.Gen3 - nach formatierung von C: TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner TR/Crypt.XPACK.Gen3 - Avira zeigt mir nun trotz mehrfacher Löschung zum widerholten Male an, dass TR/Crypt.XPACK.Gen3 gefunden wurde, diesmal in der Datei C:\Windows\tem\_avast4_\unp226623457.tmp Hier einige Meldungen der letzten Tage, das ist allerdings nur - Trojaner TR/Crypt.XPACK.Gen3...
Archiv
Du betrachtest: Trojaner TR/Crypt.XPACK.Gen3 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19