|
Plagegeister aller Art und deren Bekämpfung: Avira meldet Fund von TR/Crypt.Xpack.genWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.08.2010, 12:05 | #1 |
| Avira meldet Fund von TR/Crypt.Xpack.gen Hallo, ich habe mir Anfang August einen neuen Laptop gekauft. Ich war damit bisher nur im Internet um mir den Firefox, Avira und den Acrobat Reader herunterzuladen. Nach dem Hochfahren hat mir Avira folgenden Fund gemeldet: "In der Datei 'C:\ProgramData\Adobe\Reader\9.2\ARM\BIT1D42.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben" um 23:47 "In der Datei 'C:\ProgramData\Adobe\Reader\9.2\ARM\BIT1D42.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern" um 23:48 Danach habe ich einen vollständigen Systemscan mit Avira machen wollen, das ging jedoch nicht, da es immer hängen geblieben ist, nachdem ein Teil gescannt war. Ich habe dann den PC neu gestartet und dann wurde angezeigt (während des Hochfahrens), dass sehr viele Datein geändert werden (Datei ... von ... Dateien geändert). Dies habe ich durch Unterbrechen der Stromzufuhr (da es sich nicht anders stoppen ließ) abgebrochen. Daraufhin wurde eine Sytemwiederherstellung durchgeführt. Ich habe noch Norton das komplette System scannen lassen (ohne Funde), Avira stoppt nach wie vor beim Scan. Der gemeldete Fund ist auch nicht in der Avira Quarantäne zu finden. War dies nun ein Fehlalarm oder meine PC befallen? Anbei die Logs Malwarebytes: 27.08.2010 12:04:36 mbam-log-2010-08-27 (12-04-36).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 115138 Laufzeit: 3 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) OTL.txt: Code:
ATTFilter OTL logfile created on: 27.08.2010 12:09:36 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Sonja\Desktop\MFTools 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,56 Gb Total Space | 422,60 Gb Free Space | 93,38% Space Free | Partition Type: NTFS Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 92,36 Mb Free Space | 93,27% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX-PC Current User Name: XXX Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.08.27 11:55:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\MFTools\OTL.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.08.25 00:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe PRC - [2009.01.14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe ========== Modules (SafeList) ========== MOD - [2010.08.27 11:55:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\MFTools\OTL.exe MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\ezsvc7.dll -- (ezSharedSvc) SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.26 02:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.06.06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2009.01.14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.08.15 02:12:26 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2010.04.29 07:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys -- (SymIRON) DRV:64bit: - [2010.04.22 05:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys -- (SymEFA) DRV:64bit: - [2010.04.22 04:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.02.26 02:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys -- (ccHP) DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.11.03 20:59:04 | 000,299,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.10.24 03:53:00 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.10.13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.10.05 09:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.30 02:17:21 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\symtdiv.sys -- (SYMTDIv) DRV:64bit: - [2009.08.30 02:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys -- (SymDS) DRV:64bit: - [2009.08.30 02:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2010.08.15 02:27:32 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100826.048\EX64.SYS -- (NAVEX15) DRV - [2010.08.15 02:27:32 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2010.08.15 02:27:32 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010.08.15 02:27:32 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100826.048\ENG64.SYS -- (NAVENG) DRV - [2010.08.10 03:11:04 | 000,945,200 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx64.sys -- (BHDrvx64) DRV - [2010.08.09 17:43:50 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100826.001\IDSviA64.sys -- (IDSVia64) DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://g.uk.msn.com/HPNOT/4 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.08.15 02:12:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.08.15 02:12:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.13 20:59:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.14 23:46:38 | 000,000,000 | ---D | M] [2010.08.13 21:00:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2010.08.15 01:13:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ekms4y7a.default\extensions [2010.08.13 20:59:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.08.27 11:59:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.27 11:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2010.08.27 11:57:32 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2010.08.27 11:57:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.08.27 11:57:20 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.08.27 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.08.27 11:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.27 11:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2010.08.27 11:55:13 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\MFTools [2010.08.15 02:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2010.08.15 02:14:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Tific [2010.08.15 02:13:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Tific [2010.08.15 02:13:08 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Symantec [2010.08.15 02:12:30 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010.08.15 02:12:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared [2010.08.15 02:12:26 | 000,000,000 | ---D | C] -- C:\Programme\Symantec [2010.08.13 21:28:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.13 21:24:40 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Adobe [2010.08.13 21:00:02 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Mozilla [2010.08.13 21:00:02 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Mozilla [2010.08.13 20:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.08.13 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Avira [2010.08.13 19:43:01 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010.08.13 19:43:01 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.08.13 19:43:01 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2010.08.13 19:43:01 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2010.08.13 19:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.08.13 19:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010.08.10 12:54:34 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Diagnostics [2010.08.08 12:28:24 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Microsoft Games [2010.08.07 18:41:26 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\LDW [2010.08.07 18:40:18 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Macromedia [2010.08.07 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\WildTangent [2010.08.07 15:38:38 | 000,000,000 | R-SD | C] -- C:\Users\XXX\Documents\My Stationery [2010.08.07 15:38:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\CyberLink [2010.08.07 15:38:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\CyberLink [2010.08.07 15:09:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Adobe [2010.08.07 15:09:28 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\_MDLogs [2010.08.07 15:04:55 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\HpUpdate [2010.08.07 15:00:51 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\ATI [2010.08.07 15:00:51 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\ATI [2010.08.07 14:59:37 | 000,000,000 | R--D | C] -- C:\Users\XXX\Searches [2010.08.07 14:59:30 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Identities [2010.08.07 14:59:28 | 000,000,000 | R--D | C] -- C:\Users\XXX\Contacts [2010.08.07 14:59:27 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\VirtualStore [2010.08.07 14:59:14 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Hewlett-Packard [2010.08.07 14:52:04 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Hewlett-Packard [2010.08.07 14:50:42 | 000,000,000 | --SD | C] -- C:\Users\XXX\AppData\Roaming\Microsoft [2010.08.07 14:50:42 | 000,000,000 | R--D | C] -- C:\Users\XXX\Videos [2010.08.07 14:50:42 | 000,000,000 | R--D | C] -- C:\Users\XXX\Saved Games [2010.08.07 14:50:42 | 000,000,000 | R--D | C] -- C:\Users\XXX\Pictures [2010.08.07 14:50:42 | 000,000,000 | R--D | C] -- C:\Users\XXX\Music [2010.08.07 14:50:42 | 000,000,000 | R--D | C] -- C:\Users\XXX\Links [2010.08.07 14:50:42 | 000,000,000 | R--D | C] -- C:\Users\XXX\Favorites [2010.08.07 14:50:42 | 000,000,000 | R--D | C] -- C:\Users\XXX\Downloads [2010.08.07 14:50:42 | 000,000,000 | R--D | C] -- C:\Users\XXX\Documents [2010.08.07 14:50:42 | 000,000,000 | R--D | C] -- C:\Users\XXX\Desktop [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Vorlagen [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\Verlauf [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\Temporary Internet Files [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Startmenü [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\SendTo [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Recent [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Netzwerkumgebung [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Lokale Einstellungen [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\Eigene Videos [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\Eigene Musik [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Eigene Dateien [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Documents\Eigene Bilder [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Druckumgebung [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Cookies [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\AppData\Local\Anwendungsdaten [2010.08.07 14:50:42 | 000,000,000 | -HSD | C] -- C:\Users\XXX\Anwendungsdaten [2010.08.07 14:50:42 | 000,000,000 | -H-D | C] -- C:\Users\XXX\AppData [2010.08.07 14:50:42 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Temp [2010.08.07 14:50:42 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Microsoft [2010.08.07 14:50:42 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Media Center Programs [2010.08.07 14:50:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.08.07 14:50:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.08.07 14:50:36 | 000,000,000 | -HSD | C] -- C:\Programme [2010.08.07 14:50:36 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.08.07 14:50:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.08.07 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.08.07 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.08.07 14:50:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.08.07 14:50:36 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.08.07 14:50:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.08.07 14:50:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten ========== Files - Modified Within 90 Days ========== [2010.08.27 12:11:18 | 001,048,576 | -HS- | M] () -- C:\Users\XXX\ntuser.dat [2010.08.27 11:59:24 | 000,001,108 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010.08.27 11:59:13 | 000,000,928 | ---- | M] () -- C:\Users\XXX\Desktop\NTREGOPT.lnk [2010.08.27 11:59:13 | 000,000,909 | ---- | M] () -- C:\Users\XXX\Desktop\ERUNT.lnk [2010.08.27 11:56:25 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.27 11:56:25 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.27 11:52:58 | 000,388,175 | ---- | M] () -- C:\Users\XXX\Desktop\Load.exe [2010.08.27 11:52:46 | 001,151,184 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1100000.088\Cat.DB [2010.08.27 11:50:54 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.27 11:50:54 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.27 11:50:54 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.27 11:50:54 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.27 11:50:54 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.27 11:45:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.27 11:45:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.27 11:45:09 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys [2010.08.15 03:16:02 | 000,348,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.15 03:14:22 | 002,214,817 | -H-- | M] () -- C:\Users\XXX\AppData\Local\IconCache.db [2010.08.15 02:12:26 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2010.08.15 02:12:26 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010.08.15 02:12:26 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010.08.15 02:12:25 | 000,002,576 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2010.08.15 01:00:09 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\ntuser.dat{e5d1bec8-a7f3-11df-8412-c80aa97f759d}.TMContainer00000000000000000002.regtrans-ms [2010.08.15 01:00:09 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\ntuser.dat{e5d1bec8-a7f3-11df-8412-c80aa97f759d}.TMContainer00000000000000000001.regtrans-ms [2010.08.15 01:00:09 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\ntuser.dat{e5d1bec8-a7f3-11df-8412-c80aa97f759d}.TM.blf [2010.08.13 21:33:34 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll [2010.08.13 21:28:26 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.13 20:59:58 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.07 20:50:04 | 000,052,870 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.08.07 20:50:04 | 000,052,870 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.08.07 15:43:44 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.08.07 15:43:44 | 000,524,288 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.08.07 15:43:44 | 000,065,536 | -HS- | M] () -- C:\Users\XXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.08.07 15:09:36 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.08.07 14:55:26 | 000,084,240 | ---- | M] () -- C:\Users\XXX\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.07 14:50:42 | 000,000,020 | -HS- | M] () -- C:\Users\XXX\ntuser.ini ========== Files Created - No Company Name ========== [2010.08.27 11:59:23 | 000,001,108 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010.08.27 11:59:13 | 000,000,928 | ---- | C] () -- C:\Users\XXX\Desktop\NTREGOPT.lnk [2010.08.27 11:59:13 | 000,000,909 | ---- | C] () -- C:\Users\XXX\Desktop\ERUNT.lnk [2010.08.27 11:52:57 | 000,388,175 | ---- | C] () -- C:\Users\XXX\Desktop\Load.exe [2010.08.15 02:12:30 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2010.08.15 02:12:30 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2010.08.15 02:12:25 | 000,002,576 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2010.08.15 00:33:31 | 000,524,288 | -HS- | C] () -- C:\Users\XXX\ntuser.dat{e5d1bec8-a7f3-11df-8412-c80aa97f759d}.TMContainer00000000000000000002.regtrans-ms [2010.08.15 00:33:31 | 000,524,288 | -HS- | C] () -- C:\Users\XXX\ntuser.dat{e5d1bec8-a7f3-11df-8412-c80aa97f759d}.TMContainer00000000000000000001.regtrans-ms [2010.08.15 00:33:30 | 000,065,536 | -HS- | C] () -- C:\Users\XXX\ntuser.dat{e5d1bec8-a7f3-11df-8412-c80aa97f759d}.TM.blf [2010.08.13 21:28:26 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.13 20:59:58 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.07 15:09:36 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.08.07 14:59:57 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Local\QSwitch.txt [2010.08.07 14:59:57 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Local\DSwitch.txt [2010.08.07 14:59:57 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Local\AtStart.txt [2010.08.07 14:59:55 | 000,000,186 | ---- | C] () -- C:\ProgramData\HPWALog.txt [2010.08.07 14:51:59 | 000,002,194 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk [2010.08.07 14:51:59 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.08.07 14:50:42 | 000,524,288 | -HS- | C] () -- C:\Users\XXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.08.07 14:50:42 | 000,524,288 | -HS- | C] () -- C:\Users\XXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.08.07 14:50:42 | 000,262,144 | -HS- | C] () -- C:\Users\XXX\ntuser.dat.LOG1 [2010.08.07 14:50:42 | 000,065,536 | -HS- | C] () -- C:\Users\XXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.08.07 14:50:42 | 000,000,020 | -HS- | C] () -- C:\Users\XXX\ntuser.ini [2010.08.07 14:50:42 | 000,000,000 | -HS- | C] () -- C:\Users\XXX\ntuser.dat.LOG2 [2010.08.07 14:50:41 | 001,048,576 | -HS- | C] () -- C:\Users\XXX\ntuser.dat [2010.04.20 02:35:29 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log [2010.04.20 02:35:24 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log [2010.04.20 02:35:12 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log [2010.04.20 02:34:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log [2010.04.20 02:34:21 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log [2010.04.20 02:20:24 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2010.04.20 02:20:24 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini [2010.01.23 17:41:16 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [2010.01.23 17:38:50 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log [2010.01.23 17:38:01 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2010.01.23 17:37:38 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2009.09.29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010.08.15 02:13:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Tific [2010.08.07 18:40:16 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WildTangent [2010.08.09 20:58:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\_MDLogs [2009.07.14 07:08:49 | 000,006,670 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < C:\Users\XXX\Desktop\MFTools\scan.txt > [2010.08.10 19:06:15 | 000,000,991 | ---- | M] () -- C:\Users\XXX\Desktop\MFTools\scan.txt < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.08.2010 12:09:36 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Sonja\Desktop\MFTools 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,56 Gb Total Space | 422,60 Gb Free Space | 93,38% Space Free | Partition Type: NTFS Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS Drive E: | 99,02 Mb Total Space | 92,36 Mb Free Space | 93,27% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX-PC Current User Name: XXX Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64 "{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French "{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish "{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software "{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech "{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista "{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant "{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light "{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish "{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides "{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean "{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static "{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish "{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI "{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player "{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common "{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy "{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch "{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "EasyBits Magic Desktop" = Magic Desktop "ERUNT_is1" = ERUNT 1.1j "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "NIS" = Norton Internet Security "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite_Wave3" = Windows Live Essentials < End of report > Liebe Grüße nala |
28.08.2010, 13:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Fund von TR/Crypt.Xpack.gen Hallo und
__________________Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!
__________________ |
28.08.2010, 14:58 | #3 |
| Avira meldet Fund von TR/Crypt.Xpack.gen Hallo,
__________________vielen Dank für deine schnelle Hilfe :-) Hier das Log Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4494 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 28.08.2010 15:52:45 mbam-log-2010-08-28 (15-52-45).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 278560 Laufzeit: 40 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Danke und liebe Grüße nala |
28.08.2010, 18:47 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Fund von TR/Crypt.Xpack.gen ja der PC sieht sauber aus. Ich denke das waren Fehlalarme. PDF-Reader wechseln Der AdobeReader ist in Vergangenheit mit massiven Sicherheitslücken aufgefallen, die wochenlang nicht gefixt wurden. Du solltest daher besser den AdobeReader über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.y" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Avira meldet Fund von TR/Crypt.Xpack.gen |
64-bit, anfang, antivir, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, components, desktop, error, excel, fehlalarm, firefox, firefox.exe, flash player, helper, home, home premium, hängen, iastor.sys, install.exe, intrusion prevention, launch, location, logfile, media center, microsoft office word, mozilla, oldtimer, otl logfile, plug-in, programdata, programm, realtek, registry, saver, searchplugins, security, senden, shell32.dll, shortcut, software, start menu, stromzufuhr, symantec, syswow64, sytemwiederherstellung, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen', usb 2.0, virus, webcheck, windows |