Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: 17 Meldungen über Avira: TR/Crypt.XPACK.Gen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.10.2010, 02:05   #1
baga1
 
17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Standard

17 Meldungen über Avira: TR/Crypt.XPACK.Gen



Sehr geehrte Damen und Herren,
ich benötige Hilfe bzgl. einer Meldung in einem meiner AntiVieren-Programme: Avira AntiVir zeigte mir folgenden Trojaner auf: TR/Crypt.XPACK.Gen in 17-facher Ausführung!!! Die Dateien wurden in die Quarantäne verschoben. Ich habe mehrere Anti-Vieren-Programme und eine zusätzliche Firewall da ich sehr paranoid bin! Die verwendeten Programme sind: Comodo Internet Security Premium, Avast, AntiVir sowie eine Firwall von Zonealarm. Nun da meine PC-Kenntnisse beschränkt sind habe ich mich in Foren auf die Suche nach Lösungsmöglichkeiten begeben und sowohl eine HijackThis, AntiVir und eine OTL "Scan-Liste" zum präsentieren. Ich hoffe mir kann geholfen werden und ich möchte mich vorab schon für eine Hilfe bedanken! Beginnen würde ich gern mit OTL (dann AntiVir und danach HijackThis):OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.10.2010 02:31:52 - Run 1
OTL by OldTimer - Version 3.2.15.0     Folder = C:\Users\BG\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 392,09 Gb Free Space | 85,93% Space Free | Partition Type: NTFS
 
Computer Name: BG-VAIO | User Name: BG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\BG\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\BG\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\guard32.dll (COMODO)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.03 23:49:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.02 11:40:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.10 04:56:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.09.22 11:18:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.09.10 08:45:20 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\mozilla\Extensions
[2010.09.10 08:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BG\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.10 05:06:33 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\mozilla\Firefox\Profiles\kphjp5z9.default\extensions
[2010.09.07 16:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BG\AppData\Roaming\mozilla\Firefox\Profiles\kphjp5z9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.04 00:04:31 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\BG\AppData\Roaming\mozilla\Firefox\Profiles\kphjp5z9.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2010.08.20 06:37:31 | 000,000,873 | ---- | M] () -- C:\Users\BG\AppData\Roaming\Mozilla\FireFox\Profiles\kphjp5z9.default\searchplugins\conduit.xml
[2010.09.26 19:02:06 | 000,000,944 | ---- | M] () -- C:\Users\BG\AppData\Roaming\Mozilla\FireFox\Profiles\kphjp5z9.default\searchplugins\icqplugin.xml
[2010.10.02 11:03:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.20 00:56:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 15:07:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Users\BG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files (x86)\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\EPSETUP.EXE -- File not found
O33 - MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.10 04:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.10.10 04:55:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.09 01:22:10 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010.10.09 00:45:59 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2010.10.09 00:45:51 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2010.10.09 00:45:51 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2010.10.09 00:45:49 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2010.10.09 00:45:47 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2010.10.09 00:45:47 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2010.10.09 00:45:46 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2010.10.09 00:45:46 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2010.10.09 00:45:46 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2010.10.09 00:45:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010.10.09 00:45:44 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2010.10.09 00:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2010.10.09 00:45:20 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.10.09 00:45:19 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2010.10.09 00:45:19 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2010.10.09 00:43:44 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\Sunbelt Software
[2010.10.09 00:39:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.10.09 00:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.10.09 00:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.10.09 00:35:34 | 000,000,000 | ---D | C] -- C:\Programme\COMODO
[2010.10.09 00:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010.10.09 00:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.10.09 00:31:36 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Malwarebytes
[2010.10.09 00:31:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.10.09 00:31:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.10.09 00:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.09 00:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.10.09 00:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2010.10.04 02:10:28 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\ElevatedDiagnostics
[2010.10.02 12:13:38 | 012,964,352 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2010.10.02 12:13:38 | 004,661,760 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2010.10.02 12:13:38 | 002,609,152 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2010.10.02 12:13:38 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010.10.02 12:13:37 | 017,199,616 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2010.10.02 12:13:37 | 006,106,624 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010.10.02 12:13:37 | 003,034,624 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2010.10.02 12:13:37 | 000,436,736 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010.10.02 12:13:37 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010.10.02 12:13:37 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010.10.02 12:13:37 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2010.10.02 12:13:37 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2010.10.02 12:13:37 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2010.10.02 12:13:37 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2010.10.02 12:13:37 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2010.10.02 12:13:37 | 000,043,008 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2010.10.02 12:13:37 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010.10.02 12:13:36 | 004,634,112 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2010.10.02 12:13:36 | 003,547,136 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2010.10.02 12:13:36 | 000,208,896 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2010.10.02 12:13:36 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010.10.02 12:13:36 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2010.10.02 12:13:36 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010.10.02 12:13:36 | 000,039,936 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2010.10.02 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\GlarySoft
[2010.10.02 11:43:15 | 000,000,000 | ---D | C] -- C:\Users\BG\Application Data
[2010.10.02 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\SlimWare Utilities Inc
[2010.10.02 11:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMind
[2010.10.02 11:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2010.10.02 11:40:35 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\FreeHideIP
[2010.10.02 11:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeHideIP
[2010.10.02 11:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeHideIP
[2010.10.02 11:39:31 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2010.10.02 11:00:56 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.10.02 11:00:56 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.10.02 11:00:56 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.10.02 11:00:56 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.10.02 11:00:56 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.10.02 11:00:41 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.10.02 11:00:41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.10.02 10:03:12 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Avira
[2010.10.02 09:48:07 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.10.02 09:48:07 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.10.02 09:48:07 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.10.02 09:48:07 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.10.02 09:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.02 09:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.10.02 09:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010.10.02 09:46:42 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5
[2010.10.02 09:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
[2010.09.24 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\BG\Desktop\Mobile
[2010.09.23 11:47:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2010.09.22 11:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010.09.21 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\BG\Documents\My Games
[2010.09.21 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\My Games
[2010.09.21 21:32:18 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.09.21 21:32:18 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.09.21 21:32:18 | 000,021,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_2.dll
[2010.09.21 21:32:18 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2010.09.21 21:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2010.09.21 21:32:17 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010.09.21 21:32:17 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010.09.21 21:32:17 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010.09.21 21:32:17 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010.09.21 21:32:17 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010.09.21 21:32:17 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010.09.21 21:32:17 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010.09.21 21:32:17 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.09.21 21:32:16 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010.09.21 21:32:16 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010.09.21 21:32:16 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010.09.21 21:32:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010.09.21 21:32:16 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010.09.21 21:32:16 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010.09.21 21:32:15 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010.09.21 21:32:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010.09.21 21:32:15 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010.09.21 21:32:15 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010.09.21 21:32:14 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010.09.21 21:32:14 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010.09.21 21:32:13 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010.09.21 21:32:13 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010.09.18 18:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2010.09.18 18:20:04 | 000,000,000 | ---D | C] -- C:\Users\BG\Documents\Stronghold 2
[2010.09.18 18:17:53 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010.09.18 18:17:53 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010.09.18 18:17:52 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.09.18 18:17:52 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.09.18 18:17:52 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010.09.18 18:17:52 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010.09.18 18:17:51 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010.09.18 18:17:51 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010.09.18 18:17:50 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010.09.18 18:17:50 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010.09.18 18:17:50 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010.09.18 18:17:50 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010.09.18 18:17:50 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010.09.18 18:17:50 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010.09.18 18:17:49 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010.09.18 18:17:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010.09.18 18:17:48 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010.09.18 18:17:48 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010.09.18 18:17:43 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010.09.18 18:17:43 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010.09.18 18:17:43 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010.09.18 18:17:43 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010.09.18 18:17:42 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010.09.18 18:17:42 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010.09.18 18:17:41 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010.09.18 18:17:41 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010.09.18 18:17:40 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010.09.18 18:17:39 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.09.18 18:17:39 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.09.18 18:17:38 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010.09.18 18:17:38 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010.09.18 18:17:38 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010.09.18 18:17:38 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010.09.18 18:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2010.09.12 21:19:48 | 000,000,000 | ---D | C] -- C:\da9d2d5a2cb9caf1a0ea03
[2010.09.12 20:59:16 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.09.12 20:59:16 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.09.12 20:59:16 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.09.12 20:59:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.09.12 20:59:16 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.09.12 20:59:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.09.12 20:59:16 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.09.12 20:59:16 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.09.12 20:07:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.09.12 20:07:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.09.12 20:07:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.09.12 20:07:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.09.12 20:07:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.09.12 20:07:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.09.12 20:07:14 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.09.12 20:07:13 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.09.12 20:07:13 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.09.12 20:07:01 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.09.12 20:07:00 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.09.12 20:07:00 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.09.12 20:06:59 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.09.12 20:06:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.09.12 20:06:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.09.12 20:06:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.09.12 20:06:54 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.09.12 20:06:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.09.12 20:06:53 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.09.12 20:06:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.09.12 20:06:52 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.09.12 20:06:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.09.12 20:06:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.09.12 20:06:38 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.09.12 20:06:27 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.09.12 20:06:17 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.11 02:37:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.11 02:35:21 | 002,621,440 | -HS- | M] () -- C:\Users\BG\NTUSER.DAT
[2010.10.11 02:31:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010.10.11 02:00:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.11 02:00:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.11 01:53:09 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.11 01:52:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.11 01:52:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.11 01:51:59 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.11 01:50:57 | 003,332,500 | -H-- | M] () -- C:\Users\BG\AppData\Local\IconCache.db
[2010.10.10 04:56:59 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.09 12:47:19 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.10.09 02:01:28 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.10.09 01:03:36 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.10.09 00:46:24 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010.10.09 00:46:02 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml
[2010.10.09 00:46:02 | 000,001,066 | ---- | M] () -- C:\Users\BG\Desktop\ZoneAlarm Security.lnk
[2010.10.09 00:35:50 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010.10.09 00:31:28 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.09 00:12:48 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.02 19:27:47 | 001,512,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.02 19:27:47 | 000,659,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.02 19:27:47 | 000,620,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.02 19:27:47 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.02 19:27:47 | 000,108,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.02 12:02:53 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2010.10.02 11:43:26 | 000,000,945 | ---- | M] () -- C:\Users\BG\Desktop\XMind.lnk
[2010.10.02 11:41:53 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.10.02 11:41:52 | 000,000,988 | ---- | M] () -- C:\Users\BG\Desktop\Glary Utilities.lnk
[2010.10.02 11:40:30 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Free Hide IP.lnk
[2010.10.02 11:39:32 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2010.10.02 11:03:27 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.02 11:00:57 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.10.02 11:00:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.10.02 09:48:11 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.26 04:15:47 | 000,019,456 | ---- | M] () -- C:\Users\BG\AppData\Local\WebpageIcons.db
[2010.09.22 11:18:45 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.09.18 18:16:46 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2010.09.18 00:23:17 | 000,011,602 | ---- | M] () -- C:\Users\BG\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.09.12 21:05:21 | 000,384,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.09.12 20:57:41 | 000,000,510 | ---- | M] () -- C:\Windows\win.ini
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.10 04:56:59 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.09 02:01:28 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.10.09 01:03:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.10.09 00:53:28 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010.10.09 00:46:02 | 000,001,066 | ---- | C] () -- C:\Users\BG\Desktop\ZoneAlarm Security.lnk
[2010.10.09 00:46:01 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml
[2010.10.09 00:45:46 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010.10.09 00:35:50 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010.10.09 00:31:28 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.09 00:12:47 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.02 12:24:17 | 000,001,087 | ---- | C] () -- C:\Users\BG\Desktop\Secunia PSI.lnk
[2010.10.02 12:13:38 | 000,442,208 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010.10.02 12:13:38 | 000,442,208 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010.10.02 12:13:38 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.10.02 12:13:38 | 000,028,732 | ---- | C] () -- C:\Windows\SysNative\ativvsny.dat
[2010.10.02 12:13:38 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2010.10.02 12:13:38 | 000,026,936 | ---- | C] () -- C:\Windows\SysNative\ativvsnl.dat
[2010.10.02 12:13:37 | 000,195,855 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010.10.02 12:13:37 | 000,018,618 | ---- | C] () -- C:\Windows\atiogl.xml
[2010.10.02 11:43:26 | 000,000,945 | ---- | C] () -- C:\Users\BG\Desktop\XMind.lnk
[2010.10.02 11:43:01 | 000,013,920 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2010.10.02 11:41:53 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.10.02 11:41:52 | 000,000,988 | ---- | C] () -- C:\Users\BG\Desktop\Glary Utilities.lnk
[2010.10.02 11:40:30 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Free Hide IP.lnk
[2010.10.02 11:39:32 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2010.10.02 11:00:57 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.10.02 09:48:26 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.10.02 09:48:11 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.22 11:18:45 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.09.18 18:16:46 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2010.09.10 08:51:45 | 000,019,456 | ---- | C] () -- C:\Users\BG\AppData\Local\WebpageIcons.db
[2010.03.21 22:06:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.03.21 21:53:40 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini
[2010.03.09 16:07:29 | 000,007,605 | ---- | C] () -- C:\Users\BG\AppData\Local\Resmon.ResmonCfg
[2010.02.07 23:50:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.04 19:08:17 | 000,000,000 | ---- | C] () -- C:\Users\BG\AppData\Roaming\wklnhst.dat
[2009.09.06 10:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
 
========== LOP Check ==========
 
[2010.06.28 22:30:34 | 000,000,000 | -HSD | M] -- C:\Users\BG\AppData\Roaming\.#
[2010.09.07 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\AusLogics
[2010.09.07 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Canneverbe Limited
[2010.09.09 07:10:20 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\carspider
[2010.09.04 00:04:41 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\CheckPoint
[2010.10.02 12:09:43 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Chilirec
[2010.01.14 02:08:32 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\DeepBurner
[2010.08.19 17:15:27 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.25 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\EPSON
[2010.10.02 11:40:35 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\FreeHideIP
[2010.10.02 11:46:53 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\GlarySoft
[2010.10.02 10:32:26 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\ICQ
[2010.02.24 16:09:47 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2010.01.04 14:52:00 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.09.07 17:45:14 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\OpenCandy
[2010.03.21 04:15:16 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\OpenOffice.org
[2010.09.01 05:34:17 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\PhraseExpress
[2010.01.04 19:08:20 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Template
[2010.09.10 08:45:18 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Thunderbird
[2010.10.09 01:03:36 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.10.02 11:41:53 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010.09.09 21:20:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---

Die Dateien wurden in die Quarantäne von AntiVir geschickt und befinden sich in den Verzeichnissen:



Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 11. Oktober 2010 01:22

Es wird nach 2914079 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : BG-VAIO

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 07:48:50
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 07:48:54
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 07:49:01
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 07:49:06
VBASE009.VDF : 7.10.11.134 2048 Bytes 13.09.2010 07:49:06
VBASE010.VDF : 7.10.11.135 2048 Bytes 13.09.2010 07:49:06
VBASE011.VDF : 7.10.11.136 2048 Bytes 13.09.2010 07:49:06
VBASE012.VDF : 7.10.11.137 2048 Bytes 13.09.2010 07:49:06
VBASE013.VDF : 7.10.11.165 172032 Bytes 15.09.2010 07:49:07
VBASE014.VDF : 7.10.11.202 144384 Bytes 18.09.2010 07:49:07
VBASE015.VDF : 7.10.11.231 129024 Bytes 21.09.2010 07:49:07
VBASE016.VDF : 7.10.12.4 126464 Bytes 23.09.2010 07:49:07
VBASE017.VDF : 7.10.12.38 146944 Bytes 27.09.2010 07:49:08
VBASE018.VDF : 7.10.12.64 133120 Bytes 29.09.2010 07:49:08
VBASE019.VDF : 7.10.12.99 134144 Bytes 01.10.2010 07:49:08
VBASE020.VDF : 7.10.12.122 131584 Bytes 05.10.2010 15:15:49
VBASE021.VDF : 7.10.12.148 119296 Bytes 07.10.2010 15:15:49
VBASE022.VDF : 7.10.12.149 2048 Bytes 07.10.2010 15:15:49
VBASE023.VDF : 7.10.12.150 2048 Bytes 07.10.2010 15:15:49
VBASE024.VDF : 7.10.12.151 2048 Bytes 07.10.2010 15:15:49
VBASE025.VDF : 7.10.12.152 2048 Bytes 07.10.2010 15:15:49
VBASE026.VDF : 7.10.12.153 2048 Bytes 07.10.2010 15:15:49
VBASE027.VDF : 7.10.12.154 2048 Bytes 07.10.2010 15:15:49
VBASE028.VDF : 7.10.12.155 2048 Bytes 07.10.2010 15:15:49
VBASE029.VDF : 7.10.12.156 2048 Bytes 07.10.2010 15:15:49
VBASE030.VDF : 7.10.12.157 2048 Bytes 07.10.2010 15:15:50
VBASE031.VDF : 7.10.12.166 66048 Bytes 08.10.2010 15:15:50
Engineversion : 8.2.4.72
AEVDF.DLL : 8.1.2.1 106868 Bytes 02.10.2010 07:49:14
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 02.10.2010 07:49:14
AESCN.DLL : 8.1.6.1 127347 Bytes 02.10.2010 07:49:14
AESBX.DLL : 8.1.3.1 254324 Bytes 02.10.2010 07:49:14
AERDL.DLL : 8.1.9.2 635252 Bytes 02.10.2010 07:49:13
AEPACK.DLL : 8.2.3.7 471413 Bytes 02.10.2010 07:49:13
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 02.10.2010 07:49:12
AEHEUR.DLL : 8.1.2.30 2941303 Bytes 02.10.2010 07:49:12
AEHELP.DLL : 8.1.13.4 242038 Bytes 02.10.2010 07:49:10
AEGEN.DLL : 8.1.3.23 401779 Bytes 02.10.2010 07:49:10
AEEMU.DLL : 8.1.2.0 393588 Bytes 02.10.2010 07:49:10
AECORE.DLL : 8.1.17.0 196982 Bytes 02.10.2010 07:49:09
AEBB.DLL : 8.1.1.0 53618 Bytes 02.10.2010 07:49:09
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4d397961\guard_slideup.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO,
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Montag, 11. Oktober 2010 01:22

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'guardhlp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IELowutil.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VcmIAlzMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SOHCImp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SOHPlMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SOHDs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SOHDms.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SOHDBSvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SHTtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastSvc.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\Temp\CAVE56A.tmp'
C:\Windows\Temp\CAVE56A.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4867ea23.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE58A.tmp'
C:\Windows\Temp\CAVE58A.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50f0c584.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE5CA.tmp'
C:\Windows\Temp\CAVE5CA.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '02af9f6c.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE5DA.tmp'
C:\Windows\Temp\CAVE5DA.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6498d0ae.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE60A.tmp'
C:\Windows\Temp\CAVE60A.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '211cfd90.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE669.tmp'
C:\Windows\Temp\CAVE669.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5e07cff1.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE6A8.tmp'
C:\Windows\Temp\CAVE6A8.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '12bfe3bb.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE6E8.tmp'
C:\Windows\Temp\CAVE6E8.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6ea7a3eb.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE727.tmp'
C:\Windows\Temp\CAVE727.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '43fd8ca6.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE757.tmp'
C:\Windows\Temp\CAVE757.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5a95b73c.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE7A6.tmp'
C:\Windows\Temp\CAVE7A6.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '36c99b0c.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE7E5.tmp'
C:\Windows\Temp\CAVE7E5.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4770a299.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE853.tmp'
C:\Windows\Temp\CAVE853.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '496a925e.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE883.tmp'
C:\Windows\Temp\CAVE883.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0c43eb1c.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE8B3.tmp'
C:\Windows\Temp\CAVE8B3.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0548efb7.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\CAVE8F2.tmp'
C:\Windows\Temp\CAVE8F2.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d09f6de.qua' verschoben!
Beginne mit der Suche in 'C:\Windows\Temp\_avast5_\unp243574309.tmp'
C:\Windows\Temp\_avast5_\unp243574309.tmp
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '71d78f4f.qua' verschoben!


Ende des Suchlaufs: Montag, 11. Oktober 2010 01:23
Benötigte Zeit: 00:34 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
46 Dateien wurden geprüft
17 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
17 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
29 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
17 Hinweise
95 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden


Die Suchergebnisse werden an den Guard übermittelt.

Und zum Abschluß kann ich noch einen HijackThis Report liefern:

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:58:21, on 11.10.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\BG\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Secunia PSI.lnk = C:\Program Files (x86)\Secunia\PSI\psi.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: NameServer = 129.143.2.1,129.143.2.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12978 bytes
         
--- --- ---

Vielen Dank und mit freundlichen Grüßen

Euer baga1

Alt 11.10.2010, 12:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Standard

17 Meldungen über Avira: TR/Crypt.XPACK.Gen



Zitat:
Comodo Internet Security Premium, Avast, AntiVir sowie eine Firwall von Zonealarm.
Oje, nach dem Motto viel hilft viel
Es ist absolut kontraproduktiv so viele Programme dieser Kategorie auf dem PC zu installieren! COMODO und ZoneAlarm allein sind schon sinnfrei!
Deinstallier alle Programme bis auf AntiVir oder Avast. Einen Virenscanner also behalten!

Sag Bescheid wenn Du durch bist.
__________________

__________________

Alt 11.10.2010, 16:59   #3
baga1
 
17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Standard

17 Meldungen über Avira: TR/Crypt.XPACK.Gen



Zitat:
Zitat von cosinus Beitrag anzeigen
....Deinstallier alle Programme bis auf AntiVir oder Avast. Einen Virenscanner also behalten!

Sag Bescheid wenn Du durch bist.
Hallo, danke für die schnelle Reaktion.

Bin durch!

Gruß baga1
__________________

Alt 11.10.2010, 19:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Standard

17 Meldungen über Avira: TR/Crypt.XPACK.Gen



Bitte jetzt einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.10.2010, 10:21   #5
baga1
 
17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Standard

17 Meldungen über Avira: TR/Crypt.XPACK.Gen



Hallo Arne,
danke dass geht ja fix.
Vollscan erledigt vorher aktuallisiert. Anbei das Ergebnis:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4796

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.10.2010 00:39:51
mbam-log-2010-10-12 (00-39-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 259803
Laufzeit: 43 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Gruß baga1


Alt 12.10.2010, 11:47   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Standard

17 Meldungen über Avira: TR/Crypt.XPACK.Gen



Dann bitte neue Logs mit OTL machen:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
--> 17 Meldungen über Avira: TR/Crypt.XPACK.Gen

Alt 12.10.2010, 17:10   #7
baga1
 
17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Standard

17 Meldungen über Avira: TR/Crypt.XPACK.Gen



Hallo Arne, habe den Scann gemacht anbei die Datei.
Dank dir nochmal:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.10.2010 17:11:34 - Run 2
OTL by OldTimer - Version 3.2.15.1     Folder = C:\Users\BG\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 393,97 Gb Free Space | 86,35% Space Free | Partition Type: NTFS
 
Computer Name: BG-VAIO | User Name: BG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\BG\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\BG\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.03 23:49:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.02 11:40:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.10 04:56:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.09.22 11:18:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.09.10 08:45:20 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\mozilla\Extensions
[2010.09.10 08:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BG\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.12 17:11:00 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\mozilla\Firefox\Profiles\kphjp5z9.default\extensions
[2010.09.07 16:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BG\AppData\Roaming\mozilla\Firefox\Profiles\kphjp5z9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.04 00:04:31 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\BG\AppData\Roaming\mozilla\Firefox\Profiles\kphjp5z9.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2010.08.20 06:37:31 | 000,000,873 | ---- | M] () -- C:\Users\BG\AppData\Roaming\Mozilla\FireFox\Profiles\kphjp5z9.default\searchplugins\conduit.xml
[2010.09.26 19:02:06 | 000,000,944 | ---- | M] () -- C:\Users\BG\AppData\Roaming\Mozilla\FireFox\Profiles\kphjp5z9.default\searchplugins\icqplugin.xml
[2010.10.02 11:03:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.20 00:56:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 15:07:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe File not found
O4 - Startup: C:\Users\BG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files (x86)\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\EPSETUP.EXE -- File not found
O33 - MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.11 18:30:14 | 000,000,000 | ---D | C] -- C:\Programme\COMODO
[2010.10.10 04:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.10.10 04:55:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.09 00:43:44 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\Sunbelt Software
[2010.10.09 00:39:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.10.09 00:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.10.09 00:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.10.09 00:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010.10.09 00:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.10.09 00:31:36 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Malwarebytes
[2010.10.09 00:31:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.10.09 00:31:24 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.10.09 00:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.09 00:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.10.09 00:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2010.10.04 02:10:28 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\ElevatedDiagnostics
[2010.10.02 12:13:38 | 012,964,352 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2010.10.02 12:13:38 | 004,661,760 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2010.10.02 12:13:38 | 002,609,152 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2010.10.02 12:13:38 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010.10.02 12:13:37 | 017,199,616 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2010.10.02 12:13:37 | 006,106,624 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2010.10.02 12:13:37 | 003,034,624 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2010.10.02 12:13:37 | 000,436,736 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010.10.02 12:13:37 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010.10.02 12:13:37 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010.10.02 12:13:37 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2010.10.02 12:13:37 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2010.10.02 12:13:37 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2010.10.02 12:13:37 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2010.10.02 12:13:37 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2010.10.02 12:13:37 | 000,043,008 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2010.10.02 12:13:37 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010.10.02 12:13:36 | 004,634,112 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2010.10.02 12:13:36 | 003,547,136 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2010.10.02 12:13:36 | 000,208,896 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2010.10.02 12:13:36 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2010.10.02 12:13:36 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2010.10.02 12:13:36 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010.10.02 12:13:36 | 000,039,936 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2010.10.02 11:46:53 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\GlarySoft
[2010.10.02 11:43:15 | 000,000,000 | ---D | C] -- C:\Users\BG\Application Data
[2010.10.02 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\SlimWare Utilities Inc
[2010.10.02 11:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMind
[2010.10.02 11:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2010.10.02 11:40:35 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\FreeHideIP
[2010.10.02 11:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeHideIP
[2010.10.02 11:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeHideIP
[2010.10.02 11:39:31 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2010.10.02 10:03:12 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Roaming\Avira
[2010.10.02 09:48:07 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.10.02 09:48:07 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.10.02 09:48:07 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.10.02 09:48:07 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.10.02 09:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.02 09:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.10.02 09:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010.10.02 09:46:42 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5
[2010.10.02 09:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
[2010.09.24 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\BG\Desktop\Mobile
[2010.09.23 11:47:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2010.09.22 11:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010.09.21 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\BG\Documents\My Games
[2010.09.21 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\BG\AppData\Local\My Games
[2010.09.21 21:32:18 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.09.21 21:32:18 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.09.21 21:32:18 | 000,021,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_2.dll
[2010.09.21 21:32:18 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2010.09.21 21:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2010.09.21 21:32:17 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010.09.21 21:32:17 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010.09.21 21:32:17 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010.09.21 21:32:17 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010.09.21 21:32:17 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010.09.21 21:32:17 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010.09.21 21:32:17 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010.09.21 21:32:17 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.09.21 21:32:16 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010.09.21 21:32:16 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010.09.21 21:32:16 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010.09.21 21:32:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010.09.21 21:32:16 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010.09.21 21:32:16 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010.09.21 21:32:15 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010.09.21 21:32:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010.09.21 21:32:15 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010.09.21 21:32:15 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010.09.21 21:32:14 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010.09.21 21:32:14 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010.09.21 21:32:13 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010.09.21 21:32:13 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010.09.18 18:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2010.09.18 18:20:04 | 000,000,000 | ---D | C] -- C:\Users\BG\Documents\Stronghold 2
[2010.09.18 18:17:53 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010.09.18 18:17:53 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010.09.18 18:17:52 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.09.18 18:17:52 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.09.18 18:17:52 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010.09.18 18:17:52 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010.09.18 18:17:51 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010.09.18 18:17:51 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010.09.18 18:17:50 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010.09.18 18:17:50 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010.09.18 18:17:50 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010.09.18 18:17:50 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010.09.18 18:17:50 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010.09.18 18:17:50 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010.09.18 18:17:49 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010.09.18 18:17:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010.09.18 18:17:48 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010.09.18 18:17:48 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010.09.18 18:17:43 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010.09.18 18:17:43 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010.09.18 18:17:43 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010.09.18 18:17:43 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010.09.18 18:17:42 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010.09.18 18:17:42 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010.09.18 18:17:41 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010.09.18 18:17:41 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010.09.18 18:17:40 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010.09.18 18:17:39 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.09.18 18:17:39 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.09.18 18:17:38 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010.09.18 18:17:38 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010.09.18 18:17:38 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010.09.18 18:17:38 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010.09.18 18:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2010.09.12 21:19:48 | 000,000,000 | ---D | C] -- C:\da9d2d5a2cb9caf1a0ea03
[2010.09.12 20:59:16 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.09.12 20:59:16 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.09.12 20:59:16 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.09.12 20:59:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.09.12 20:59:16 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.09.12 20:59:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.09.12 20:59:16 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.09.12 20:59:16 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.09.12 20:07:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.09.12 20:07:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.09.12 20:07:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.09.12 20:07:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.09.12 20:07:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.09.12 20:07:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.09.12 20:07:14 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.09.12 20:07:13 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.09.12 20:07:13 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.09.12 20:07:01 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.09.12 20:07:00 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.09.12 20:07:00 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.09.12 20:06:59 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.09.12 20:06:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.09.12 20:06:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.09.12 20:06:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.09.12 20:06:54 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.09.12 20:06:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.09.12 20:06:53 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.09.12 20:06:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.09.12 20:06:52 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.09.12 20:06:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.09.12 20:06:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.09.12 20:06:38 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.09.12 20:06:27 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.09.12 20:06:17 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.12 17:04:15 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 17:04:15 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 16:59:18 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.10.12 16:56:16 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.12 16:56:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.12 16:55:55 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.12 13:37:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.11 19:53:01 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010.10.10 04:56:59 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.09 02:01:28 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.10.09 01:03:36 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.10.09 00:31:28 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.09 00:12:48 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.02 19:27:47 | 001,512,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.02 19:27:47 | 000,659,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.02 19:27:47 | 000,620,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.02 19:27:47 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.02 19:27:47 | 000,108,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.02 12:02:53 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2010.10.02 11:43:26 | 000,000,945 | ---- | M] () -- C:\Users\BG\Desktop\XMind.lnk
[2010.10.02 11:41:53 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.10.02 11:41:52 | 000,000,988 | ---- | M] () -- C:\Users\BG\Desktop\Glary Utilities.lnk
[2010.10.02 11:40:30 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Free Hide IP.lnk
[2010.10.02 11:39:32 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2010.10.02 11:03:27 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.02 11:00:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.10.02 09:48:11 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.26 04:15:47 | 000,019,456 | ---- | M] () -- C:\Users\BG\AppData\Local\WebpageIcons.db
[2010.09.22 11:18:45 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.09.18 18:16:46 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2010.09.18 00:23:17 | 000,011,602 | ---- | M] () -- C:\Users\BG\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.09.12 21:05:21 | 000,384,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.10 04:56:59 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.09 02:01:28 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.10.09 01:03:36 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.10.09 00:53:28 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010.10.09 00:31:28 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.09 00:12:47 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.02 12:24:17 | 000,001,087 | ---- | C] () -- C:\Users\BG\Desktop\Secunia PSI.lnk
[2010.10.02 12:13:38 | 000,442,208 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010.10.02 12:13:38 | 000,442,208 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010.10.02 12:13:38 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.10.02 12:13:38 | 000,028,732 | ---- | C] () -- C:\Windows\SysNative\ativvsny.dat
[2010.10.02 12:13:38 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2010.10.02 12:13:38 | 000,026,936 | ---- | C] () -- C:\Windows\SysNative\ativvsnl.dat
[2010.10.02 12:13:37 | 000,195,855 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010.10.02 12:13:37 | 000,018,618 | ---- | C] () -- C:\Windows\atiogl.xml
[2010.10.02 11:43:26 | 000,000,945 | ---- | C] () -- C:\Users\BG\Desktop\XMind.lnk
[2010.10.02 11:43:01 | 000,013,920 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2010.10.02 11:41:53 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.10.02 11:41:52 | 000,000,988 | ---- | C] () -- C:\Users\BG\Desktop\Glary Utilities.lnk
[2010.10.02 11:40:30 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Free Hide IP.lnk
[2010.10.02 11:39:32 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2010.10.02 09:48:26 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.10.02 09:48:11 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.09.22 11:18:45 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.09.18 18:16:46 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2010.09.10 08:51:45 | 000,019,456 | ---- | C] () -- C:\Users\BG\AppData\Local\WebpageIcons.db
[2010.03.21 22:06:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.03.21 21:53:40 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini
[2010.03.09 16:07:29 | 000,007,605 | ---- | C] () -- C:\Users\BG\AppData\Local\Resmon.ResmonCfg
[2010.02.07 23:50:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.04 19:08:17 | 000,000,000 | ---- | C] () -- C:\Users\BG\AppData\Roaming\wklnhst.dat
[2009.09.06 10:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== LOP Check ==========
 
[2010.06.28 22:30:34 | 000,000,000 | -HSD | M] -- C:\Users\BG\AppData\Roaming\.#
[2010.09.07 17:55:57 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\AusLogics
[2010.09.07 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Canneverbe Limited
[2010.09.09 07:10:20 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\carspider
[2010.09.04 00:04:41 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\CheckPoint
[2010.10.02 12:09:43 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Chilirec
[2010.01.14 02:08:32 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\DeepBurner
[2010.08.19 17:15:27 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.25 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\EPSON
[2010.10.02 11:40:35 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\FreeHideIP
[2010.10.02 11:46:53 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\GlarySoft
[2010.10.02 10:32:26 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\ICQ
[2010.02.24 16:09:47 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2010.01.04 14:52:00 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.09.07 17:45:14 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\OpenCandy
[2010.03.21 04:15:16 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\OpenOffice.org
[2010.09.01 05:34:17 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\PhraseExpress
[2010.01.04 19:08:20 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Template
[2010.09.10 08:45:18 | 000,000,000 | ---D | M] -- C:\Users\BG\AppData\Roaming\Thunderbird
[2010.10.09 01:03:36 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.10.02 11:41:53 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010.09.09 21:20:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---

Alt 13.10.2010, 09:29   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Standard

17 Meldungen über Avira: TR/Crypt.XPACK.Gen



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\EPSETUP.EXE -- File not found
O33 - MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
[2010.06.28 22:30:34 | 000,000,000 | -HSD | M] -- C:\Users\BG\AppData\Roaming\.#
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.10.2010, 13:39   #9
baga1
 
17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Standard

17 Meldungen über Avira: TR/Crypt.XPACK.Gen



Hallo Arne, anbei die Editor-Datei welche nach dem Start geöffnet wurde.
Was ich hier in OTL eingegeben habe ist das für andere PC auch anwendbar oder ist dass nur für meinen speziell? Was soll ich jetzt machen?
Dank dir nochmals.

Gruß Baga


All processes killed
========== OTL ==========
Service SWDUMon stopped successfully!
Service SWDUMon deleted successfully!
C:\Windows\SysNative\drivers\SWDUMon.sys moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search" removed from browser.search.selectedEngine
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5bde4931-e5c2-11de-bf6e-806e6f6e6963}\ not found.
File F:\EPSETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64edd0d8-3ea1-11df-8795-806e6f6e6963}\ not found.
File F:\Autorun.exe not found.
C:\Users\BG\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\TEMPFC5A2B2 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: BG
->Temp folder emptied: 2079998 bytes
->Temporary Internet Files folder emptied: 117562 bytes
->Java cache emptied: 71580376 bytes
->FireFox cache emptied: 61474828 bytes
->Flash cache emptied: 1300 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 162861 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 129,00 mb


OTL by OldTimer - Version 3.2.15.1 log created on 10132010_142900

Files\Folders moved on Reboot...
C:\Users\BG\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\BG\AppData\Local\Temp\~DF208CEA56ECA962DB.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF21107C826C63CDB4.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF24A7D43B8C01CA7D.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF3217620403E6558D.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF5A509C5CB5555A3C.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF6BB4FDBA8103632C.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF9317F639F2F9CE3D.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DF9E3E9EFB02729C49.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DFA60288FF3407E88C.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DFD1C366D6C0004BD4.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DFD974A0AC9D71E443.TMP not found!
File\Folder C:\Users\BG\AppData\Local\Temp\~DFE8B86805550930BE.TMP not found!

Registry entries deleted on Reboot...

Alt 13.10.2010, 13:40   #10
baga1
 
17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Standard

17 Meldungen über Avira: TR/Crypt.XPACK.Gen



Ach und hatte ich jetzt einen schlimmen Befall?

Alt 13.10.2010, 16:36   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Standard

17 Meldungen über Avira: TR/Crypt.XPACK.Gen



Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu 17 Meldungen über Avira: TR/Crypt.XPACK.Gen
0 bytes, ad-aware, alternate, antivir, antivir guard, avast!, avgntflt.sys, avira, bho, c:\windows\system32\services.exe, checkpoint, components, converter, desktop, dllhost.exe, error, eudora, firefox, firefox.exe, hijack, hijackthis, home, home premium, iastor.sys, location, logfile, mozilla thunderbird, mp3, nt.dll, oldtimer, otl logfile, otl.exe, programdata, realtek, searchplugins, security, senden, server, software, start menu, svchost.exe, syswow64, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner, versteckte objekte, webcheck, windows, wuauclt.exe



Ähnliche Themen: 17 Meldungen über Avira: TR/Crypt.XPACK.Gen


  1. TR/Crypt.XPACK.Gen7 und Malewarebites Meldungen
    Plagegeister aller Art und deren Bekämpfung - 21.02.2015 (9)
  2. Diverse Maleware-Meldungen über Avira - FlowSurf - Teil 1
    Log-Analyse und Auswertung - 19.01.2015 (6)
  3. tr/crypt.xpack.gen3 und AVIRA
    Plagegeister aller Art und deren Bekämpfung - 25.12.2014 (3)
  4. Avira findet TR/Emotet.A.46 und TR/Crypt.Xpack!
    Log-Analyse und Auswertung - 11.12.2014 (13)
  5. Avira Fund von TR/Crypt.XPACK.GEN
    Log-Analyse und Auswertung - 15.04.2014 (19)
  6. avira findet : tr/crypt.zpack.36522 ,tr/crypt.xpack.gen ,adware/installcore.gen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (4)
  7. Avira hat TR/Crypt:Xpack.gen entdeckt
    Log-Analyse und Auswertung - 12.06.2013 (10)
  8. crypt.xpack.gen und ...gen8 über Emailanhang eingefangen
    Log-Analyse und Auswertung - 19.02.2013 (13)
  9. TR/Crypt.XPACK.Gen von Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 13.05.2012 (5)
  10. Avira hat TR/Crypt.XPACK.Gen gefunden
    Plagegeister aller Art und deren Bekämpfung - 14.03.2011 (18)
  11. TR/Crypt.XPACK.Gen über website?
    Plagegeister aller Art und deren Bekämpfung - 24.01.2011 (4)
  12. Kurze Fragen zu TR/Crypt.XPACK.Gen + TR/Crypt.ZPACK.Gen + Avira Scan
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (3)
  13. Avira hat TR/Crypt.XPACK.Gen gefunden
    Log-Analyse und Auswertung - 23.11.2009 (1)
  14. Avira findet tr/crypt.xpack.gen
    Log-Analyse und Auswertung - 21.04.2009 (13)
  15. Avira findet TR/Crypt.XPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 26.03.2009 (8)
  16. Avira meldet TR/Crypt.XPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 04.03.2009 (1)
  17. Avira findet TR/Crypt.XPACK.Gen
    Log-Analyse und Auswertung - 18.09.2008 (0)

Zum Thema 17 Meldungen über Avira: TR/Crypt.XPACK.Gen - Sehr geehrte Damen und Herren, ich benötige Hilfe bzgl. einer Meldung in einem meiner AntiVieren-Programme: Avira AntiVir zeigte mir folgenden Trojaner auf: TR/Crypt.XPACK.Gen in 17-facher Ausführung!!! Die Dateien wurden in - 17 Meldungen über Avira: TR/Crypt.XPACK.Gen...
Archiv
Du betrachtest: 17 Meldungen über Avira: TR/Crypt.XPACK.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.