Log analysis and evaluation: Trojan TR/Crypt.XPACK.Gen3

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Trojan TR/Crypt.XPACK.Gen3

Despite repeated deletion, Avira is once again reporting that TR/Crypt.XPACK.Gen3 was found, this time in the file C:\Windows\tem\_avast4_\unp226623457.tmp

Here are some of the messages from the last few days. This is only a selection; there are about 70 of these messages, although most recently I had "only" 8 messages for 'TR/Crypt.XPACK.Gen' or 'TR/Crypt.XPACK.Gen3' in the directory 'C:\Windows\temp\_avast4_\unpXXXXXXXX.tmp', where XXXXXXXX is a different number each time:

In der Datei 'C:\Windows\temp\_avast4_\unp79236204.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Windows\temp\_avast4_\unp167925461.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Windows\temp\_avast4_\unp257347149.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Windows\temp\_avast4_\unp187307876.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben

Die Datei 'C:\Users\Sandra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-715d175d' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dldr.Scuds.A' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00555117.qua' verschoben!

Die Datei 'C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanndiskur98.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan]. Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003. Die Datei konnte nicht gelöscht werden! Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! Die Datei konnte nicht gelöscht werden!

In der Datei 'C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanndiskur98.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern

I searched here for a similar problem and therefore ran OTL, and got the following log files:

Can you help me? Thanks!

OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 05.06.2011 23:32:15 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Zille\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,49 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 40,35% Memory free 3,23 Gb Paging File | 1,55 Gb Available in Paging File | 47,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 105,14 Gb Total Space | 67,07 Gb Free Space | 63,79% Space Free | Partition Type: NTFS Drive D: | 2,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 16,00 Gb Total Space | 15,91 Gb Free Space | 99,44% Space Free | Partition Type: NTFS Drive F: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,55% Space Free | Partition Type: NTFS Drive G: | 7,90 Gb Total Space | 7,83 Gb Free Space | 99,14% Space Free | Partition Type: NTFS Computer Name: SANDRASPC | User Name: Zille | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity 2010 PC-Welt Edition "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011 "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "VLC media player" = VLC media player 1.1.9 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.06.2011 02:53:35 | Computer Name = SandrasPC | Source = ESENT | ID = 215 Description = WinMail (2924) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. 
Error - 03.06.2011 03:10:22 | Computer Name = SandrasPC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Skype.exe, Version 5.1.32.112, Zeitstempel 0x4d403d34, fehlerhaftes Modul Skype.exe, Version 5.1.32.112, Zeitstempel 0x4d403d34, Ausnahmecode 0xc0000005, Fehleroffset 0x00e6715a, Prozess-ID 0x77c, Anwendungsstartzeit 01cc21bcde509f04. Error - 03.06.2011 11:01:31 | Computer Name = SandrasPC | Source = EventSystem | ID = 4609 Description = Error - 03.06.2011 15:02:49 | Computer Name = SandrasPC | Source = EventSystem | ID = 4609 Description = Error - 03.06.2011 15:18:01 | Computer Name = SandrasPC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 7.0.6001.18602 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 330 Anfangszeit: 01cc2222b7ab374d Zeitpunkt der Beendigung: 109 Error - 03.06.2011 15:25:12 | Computer Name = SandrasPC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Skype.exe, Version 5.1.32.112, Zeitstempel 0x4d403d34, fehlerhaftes Modul Skype.exe, Version 5.1.32.112, Zeitstempel 0x4d403d34, Ausnahmecode 0xc0000005, Fehleroffset 0x00e6715a, Prozess-ID 0xc54, Anwendungsstartzeit 01cc222115ad055d. 
Error - 04.06.2011 04:22:08 | Computer Name = SandrasPC | Source = MsiInstaller | ID = 11706 Description =
Error - 04.06.2011 10:29:06 | Computer Name = SandrasPC | Source = MsiInstaller | ID = 11730 Description =
Error - 04.06.2011 21:00:57 | Computer Name = SandrasPC | Source = VSS | ID = 12289 Description =
Error - 04.06.2011 21:00:57 | Computer Name = SandrasPC | Source = VSS | ID = 12289 Description =
[ System Events ]
Error - 17.03.2011 07:07:35 | Computer Name = SandrasPC | Source = DCOM | ID = 10016 Description =
Error - 20.03.2011 08:06:11 | Computer Name = SandrasPC | Source = Service Control Manager | ID = 7011 Description =
Error - 23.03.2011 08:49:57 | Computer Name = SandrasPC | Source = Microsoft-Windows-Kernel-General | ID = 5 Description =
Error - 24.03.2011 02:37:09 | Computer Name = SandrasPC | Source = Microsoft-Windows-Kernel-General | ID = 5 Description =
Error - 15.04.2011 18:34:18 | Computer Name = SandrasPC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 16.04.2011 um 00:33:10 unerwartet heruntergefahren.
Error - 16.04.2011 22:45:35 | Computer Name = SandrasPC | Source = Service Control Manager | ID = 7011 Description =
Error - 20.04.2011 10:00:05 | Computer Name = SandrasPC | Source = Service Control Manager | ID = 7011 Description =
Error - 24.04.2011 11:54:32 | Computer Name = SandrasPC | Source = Service Control Manager | ID = 7011 Description =
Error - 29.04.2011 06:16:12 | Computer Name = SandrasPC | Source = DCOM | ID = 10016 Description =
Error - 29.04.2011 06:16:12 | Computer Name = SandrasPC | Source = DCOM | ID = 10016 Description =
< End of report >

AND

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 05.06.2011 23:32:15 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Zille\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,49 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 40,35% Memory free 3,23 Gb Paging File | 1,55 Gb Available in Paging File | 47,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 105,14 Gb Total Space | 67,07 Gb Free Space | 63,79% Space Free | Partition Type: NTFS Drive D: | 2,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 16,00 Gb Total Space | 15,91 Gb Free Space | 99,44% Space Free | Partition Type: NTFS Drive F: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,55% Space Free | Partition Type: NTFS Drive G: | 7,90 Gb Total Space | 7,83 Gb Free Space | 99,14% Space Free | Partition Type: NTFS Computer Name: SANDRASPC | User Name: Zille | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Zille\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Zille\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) 
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Programme\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Programme\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG) PRC - C:\Programme\G Data\InternetSecurity\GUI\GDSC.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVK.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Windows\System32\wsqmcons.exe (Microsoft Corporation) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Zille\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MBAMService) 
-- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) SRV - (AVKService) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG) DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G DATA Software AG) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (28923652) -- C:\Windows\system32\DRIVERS\28923652.sys (Kaspersky Lab) DRV - (setup_9.0.0.722_02.06.2011_06-11drv) -- C:\Windows\System32\drivers\2892365.sys (Kaspersky Lab) DRV - (28923651) -- 
C:\Windows\System32\drivers\28923651.sys (Kaspersky Lab) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 FF A4 DB D2 22 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.17 20:25:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.05 19:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zille\AppData\Roaming\mozilla\Extensions [2011.06.05 19:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zille\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (Gears) - {57CC507B-E60F-46E3-A6BC-678074531620} - C:\Users\Zille\AppData\Roaming\Gears\IE\Gears.dll (Google Inc.) 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (AdobeReader) - {C38E40BD-AF96-4006-8EED-B2F41315CEB9} - C:\Users\Zille\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Corporation) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Skype] File not found O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Zille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_02.06.2011_06-11.lnk = C:\Users\Zille\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_02.06.2011_06-11\startup.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... 
- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.12.22 09:17:07 | 000,000,605 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2010.12.22 09:17:07 | 000,000,012 | R--- | M] () - D:\autorun.tag -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.06.05 23:31:27 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Zille\Desktop\OTL.exe [2011.06.05 19:50:34 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\Mozilla [2011.06.05 19:50:21 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\Thunderbird [2011.06.05 19:50:21 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\Thunderbird [2011.06.05 01:31:29 | 000,000,000 | ---D 
| C] -- C:\Users\Zille\AppData\Roaming\Avira [2011.06.04 14:15:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.06.04 14:15:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.06.04 14:15:53 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.06.04 14:15:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.06.04 14:15:53 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.06.04 14:15:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.06.04 14:15:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.06.04 14:15:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.06.04 14:15:52 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.06.04 14:15:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.06.04 14:15:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.06.04 14:15:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.06.04 14:15:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.06.04 14:15:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.06.04 14:15:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.06.04 14:15:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.06.04 14:15:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.06.04 14:15:42 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.06.04 14:15:42 | 000,420,864 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.06.03 22:58:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.06.03 22:58:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.06.03 22:58:09 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.06.03 22:58:09 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.06.03 22:58:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll [2011.06.03 22:58:08 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.06.03 22:58:08 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.06.03 22:58:08 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.06.03 22:58:07 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.06.03 22:58:06 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.06.03 22:58:06 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.06.03 22:58:06 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.06.03 22:58:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.06.03 22:58:05 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe [2011.06.03 22:58:04 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.06.03 22:58:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.06.03 22:58:03 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.06.03 22:58:01 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.06.03 22:58:00 | 
003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.06.03 22:58:00 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe [2011.06.03 22:58:00 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.06.03 22:58:00 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.06.03 22:58:00 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe [2011.06.03 21:12:53 | 000,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2011.06.03 20:53:08 | 000,055,624 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2011.06.03 20:53:07 | 000,028,616 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2011.06.03 20:52:16 | 000,047,560 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2011.06.03 20:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity [2011.06.03 20:51:00 | 000,035,272 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2011.06.03 20:49:53 | 000,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2011.06.03 20:48:54 | 000,000,000 | ---D | C] -- C:\Programme\G Data [2011.06.03 20:48:54 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\G DATA [2011.06.03 20:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2011.06.03 08:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.06.03 08:36:52 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\NPE [2011.06.03 01:15:44 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\Skype [2011.06.02 21:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.06.02 21:35:49 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\2892365.sys [2011.06.02 21:35:49 | 
000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\28923651.sys [2011.06.02 21:35:49 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\28923652.sys [2011.06.02 21:35:48 | 000,000,000 | ---D | C] -- C:\Users\Zille\Desktop\DE-Cleaner powered by Kaspersky [2011.06.02 12:29:20 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.06.02 12:29:19 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\temp [2011.06.02 12:28:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.06.02 12:00:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.06.02 12:00:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.06.02 12:00:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.06.02 11:59:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.06.02 11:54:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.06.02 10:55:11 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\Malwarebytes [2011.06.02 10:55:03 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.06.02 10:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.06.02 10:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.02 10:54:57 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.06.02 10:54:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.20 01:18:17 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2011.05.20 01:16:39 | 000,000,000 | ---D | C] -- C:\b2de9709d56974dde71e10 [2011.05.19 13:13:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2011.05.19 13:13:49 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2011.05.19 13:11:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2011.05.18 00:02:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\Apphlpdm.dll [2011.05.18 00:02:35 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.05.17 11:11:30 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2011.05.17 10:54:37 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll [2011.05.17 10:54:37 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll [2011.05.17 10:54:35 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll [2011.05.17 10:54:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll [2011.05.17 10:54:35 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll [2011.05.17 10:54:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll [2011.05.17 10:54:34 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll [2011.05.17 10:54:34 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll [2011.05.17 10:54:34 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll [2011.05.17 10:54:33 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll [2011.05.17 10:54:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll [2011.05.17 10:54:33 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll [2011.05.17 10:54:33 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll [2011.05.17 10:54:33 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll [2011.05.17 10:54:33 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll [2011.05.17 10:54:33 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll [2011.05.17 10:54:32 | 006,103,040 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\chtbrkr.dll [2011.05.17 10:54:32 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll [2011.05.17 10:54:31 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll [2011.05.17 10:54:31 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll [2011.05.17 10:54:31 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll [2011.05.17 10:54:31 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll [2011.05.17 10:54:31 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll [2011.05.17 10:50:30 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2011.05.17 10:50:23 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011.05.17 10:50:22 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011.05.17 10:44:56 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2011.05.17 10:44:56 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2011.05.17 10:44:56 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2011.05.17 10:41:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.05.17 10:38:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.05.17 10:37:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.05.17 10:37:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.05.17 10:37:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.05.17 10:37:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.05.17 10:37:35 | 000,010,240 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.05.17 10:37:32 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.05.17 10:37:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.05.17 10:37:31 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.05.17 10:37:31 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.05.17 10:37:31 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.05.17 10:37:14 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.05.17 10:37:14 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.05.17 10:37:14 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.05.17 10:37:14 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.05.17 10:37:14 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.05.16 11:06:27 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2011.05.16 11:06:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2011.05.16 11:05:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.05.16 11:05:46 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2011.05.16 11:05:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.05.16 11:05:42 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.05.16 11:05:30 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.05.16 11:05:29 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.05.16 
11:05:24 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.05.16 11:05:23 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.05.16 11:05:15 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2011.05.16 11:05:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll [2011.05.16 11:05:02 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.05.16 11:04:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2011.05.16 11:04:47 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2011.05.16 11:04:04 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.05.16 11:04:01 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.05.16 11:03:23 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2011.05.16 11:03:13 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2011.05.16 11:03:12 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2011.05.16 11:03:09 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2011.05.16 11:02:58 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2011.05.16 11:02:55 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.05.16 11:02:55 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.05.16 11:02:55 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.05.16 11:02:54 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.05.16 11:02:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2011.05.16 
11:02:32 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2011.05.16 11:02:32 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2011.05.16 11:02:31 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2011.05.16 11:01:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.05.16 11:01:42 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll [2011.05.16 11:01:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll [2011.05.16 11:01:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.05.16 11:01:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.05.16 11:00:38 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll [2011.05.16 11:00:38 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx [2011.05.16 11:00:38 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe [2011.05.15 14:56:52 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\Lexware [2011.05.15 14:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware [2011.05.15 14:51:21 | 000,000,000 | ---D | C] -- C:\Programme\Lexware [2011.05.15 14:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware [2011.05.15 14:28:53 | 000,000,000 | ---D | C] -- C:\PerfLogs [2011.05.15 11:04:58 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\WindowsUpdate [2011.05.15 11:03:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Lexware [2011.05.15 11:03:01 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\Lexware [2011.05.14 22:51:30 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.13 21:45:33 | 000,000,000 | ---D | C] -- 
C:\Users\Zille\AppData\Local\OpenCandy [2011.05.13 21:45:27 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Local\optBeruby [2011.05.13 21:45:27 | 000,000,000 | ---D | C] -- C:\Users\Zille\AppData\Roaming\OpenCandy [2011.05.13 21:44:21 | 000,000,000 | ---D | C] -- C:\Programme\DsNET Corp ========== Files - Modified Within 30 Days ========== [2011.06.05 23:44:26 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.05 23:44:26 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.05 23:35:08 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.05 23:35:08 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.05 23:35:08 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.05 23:35:08 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.05 23:28:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Zille\Desktop\OTL.exe [2011.06.05 23:22:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.06.05 19:49:48 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job [2011.06.05 19:44:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.05 01:46:57 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.06.05 01:45:33 | 1600,249,856 | -HS- | M] () -- C:\hiberfil.sys [2011.06.03 21:12:53 | 000,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2011.06.03 20:53:08 | 000,055,624 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2011.06.03 20:53:07 | 000,028,616 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2011.06.03 20:52:16 | 000,047,560 | ---- | M] (G DATA Software AG) -- 
C:\Windows\System32\drivers\PktIcpt.sys [2011.06.03 20:51:39 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2011.06.03 20:51:00 | 000,035,272 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2011.06.03 20:49:53 | 000,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2011.06.03 12:34:26 | 000,000,680 | ---- | M] () -- C:\Users\Zille\AppData\Roaming\SMRResults162.dat [2011.06.03 08:48:12 | 010,788,289 | ---- | M] () -- C:\Users\Zille\AppData\Roaming\SMRBackup162.dat [2011.06.02 21:38:24 | 000,002,270 | ---- | M] () -- C:\Users\Zille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_02.06.2011_06-11.lnk [2011.06.02 10:55:04 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.23 12:46:25 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.19 13:16:17 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.05.18 06:17:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2011.05.17 23:48:33 | 000,254,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.05.15 15:11:47 | 000,002,659 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer 2011.lnk [2011.05.15 13:30:04 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll [2011.05.15 13:29:57 | 000,082,432 | ---- | M] (Gemalto, Inc.) 
-- C:\Windows\System32\axaltocm.dll [2011.05.07 11:14:05 | 000,146,190 | ---- | M] () -- C:\Windows\hpoins18.dat ========== Files Created - No Company Name ========== [2011.06.05 23:31:36 | 000,190,390 | ---- | C] () -- C:\Users\Zille\Desktop\Ornela.csv [2011.06.05 23:31:36 | 000,046,768 | ---- | C] () -- C:\Users\Zille\Desktop\Ornela.sav [2011.06.05 23:31:35 | 000,584,104 | ---- | C] () -- C:\Users\Zille\Desktop\Omas Liebling.JPG [2011.06.05 23:31:35 | 000,024,998 | ---- | C] () -- C:\Users\Zille\Desktop\Mein Kalender.mcf [2011.06.05 23:31:35 | 000,024,993 | ---- | C] () -- C:\Users\Zille\Desktop\Mein Kalender.mcf~ [2011.06.05 23:31:33 | 001,059,043 | ---- | C] () -- C:\Users\Zille\Desktop\josh_p.JPG [2011.06.05 23:31:33 | 000,906,524 | ---- | C] () -- C:\Users\Zille\Desktop\jmedeth00282-0040.pdf [2011.06.05 23:31:32 | 000,468,023 | ---- | C] () -- C:\Users\Zille\Desktop\FrTue.pdf [2011.06.05 23:31:32 | 000,356,435 | ---- | C] () -- C:\Users\Zille\Desktop\Gemma.xps [2011.06.05 23:31:32 | 000,144,496 | ---- | C] () -- C:\Users\Zille\Desktop\Georg-August-Universität Göttingen - Stellenangebote der Universität.mht [2011.06.05 23:31:31 | 000,028,448 | ---- | C] () -- C:\Users\Zille\Desktop\Frammersbach.mcf~ [2011.06.03 23:04:46 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.06.03 20:51:39 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2011.06.03 12:34:25 | 000,000,680 | ---- | C] () -- C:\Users\Zille\AppData\Roaming\SMRResults162.dat [2011.06.03 08:39:47 | 010,788,289 | ---- | C] () -- C:\Users\Zille\AppData\Roaming\SMRBackup162.dat [2011.06.02 21:38:24 | 000,002,270 | ---- | C] () -- C:\Users\Zille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_02.06.2011_06-11.lnk [2011.06.02 12:00:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.06.02 12:00:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.06.02 12:00:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe 
[2011.06.02 12:00:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.06.02 12:00:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.06.02 10:55:04 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.19 13:14:15 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.05.19 13:14:14 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011.05.18 06:17:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2011.05.17 10:54:37 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.05.17 10:54:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.05.17 10:54:33 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex [2011.05.17 10:37:17 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.05.17 10:37:17 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.05.17 10:37:17 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.05.15 14:53:03 | 000,002,659 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer 2011.lnk [2011.03.22 14:21:23 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat [2011.03.22 14:19:31 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2011.02.26 01:59:57 | 000,000,680 | ---- | C] () -- C:\Users\Zille\AppData\Local\d3d9caps.dat [2006.11.02 17:33:31 | 000,623,280 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,125,184 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,254,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT 
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
< End of report >
Edited by JoElZi (05.06.2011 at 23:38)