| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Infizierung durch TR/Crypt.XPACK.Gen3Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.10.2010, 13:31
| #1 |
| |  Infizierung durch TR/Crypt.XPACK.Gen3 Hallo! Mich hat -wie viele andere offensichtlich auch der Trojaner TR/Crypt.XPACK.Gen3 erwischt. Mit Antivir kriege ich den nicht weg. Habe nun bei Euch geschaut und bisher folgendes gemacht. Scan mit Malwarebytes und Scan mit OTL. Die Logfiles schicke ich mit. Aber wie geht es jetzt weiter? Mit besten Grüßen und vielem Dank für Hilfe Longplayer Scan mit Malwartebytes: Logfile: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4784 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 09.10.2010 11:51:23 mbam-log-2010-10-09 (11-51-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 332647 Laufzeit: 2 Stunde(n), 15 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Scan mit OTL OTL.TXT:OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.10.2010 12:53:07 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = D:\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 5,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 71,33 Gb Total Space | 17,53 Gb Free Space | 24,57% Space Free | Partition Type: NTFS Drive D: | 71,84 Gb Total Space | 6,02 Gb Free Space | 8,38% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACER-747B59264E Current User Name: lars Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe () PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - c:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools) PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Programme\maxdome\DCBin\DCTrayApp.exe () PRC - C:\Programme\maxdome\DCBin\DCService.exe (Entriq, Inc.) PRC - C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe () PRC - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.) PRC - C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe () PRC - C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe (AVerMedia) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Dokumente und Einstellungen\lars\Lokale Einstellungen\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) PRC - C:\WINDOWS\PLFSetL.exe (sonix) PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe () PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe ( ) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Phonic\HB_FW_MKII_Series\Phonic_cpl.exe (Phonic) PRC - C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet) PRC - C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Programme\Spyware Doctor\smum32.dll (PC Tools) MOD - C:\Programme\Spyware Doctor\PCTGMhk.dll (PC Tools) MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\MSNChatHook.dll (HiTRUST) MOD - C:\WINDOWS\system32\ShowErrMsg.dll (HiTRUST) MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST) MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.) MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\CryptoAPI.dll (HiTRUST) MOD - C:\WINDOWS\system32\mfc71u.dll (Microsoft Corporation) MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll () MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools) SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools) SRV - (Browser Defender Update Service) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV - (Prosieben) -- C:\Programme\maxdome\DCBin\DCService.exe (Entriq, Inc.) SRV - (AVerScheduleService) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe () SRV - (AVerRemote) -- C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe (AVerMedia) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe ( ) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NvnUsbAudio) -- C:\WINDOWS\system32\drivers\nvnusbaudio.sys (Novation DMS Ltd.) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD) DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (BEHRINGER_2902) -- C:\WINDOWS\system32\drivers\BUSB2902.sys (BEHRINGER) DRV - (BUSB_AUDIO_WDM) -- C:\WINDOWS\system32\drivers\busbwdm.sys (BEHRINGER) DRV - (automap) -- C:\WINDOWS\system32\drivers\automap.sys (Novation Digital Music Systems Limited) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (AVerAF15) -- C:\WINDOWS\system32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (tvicport) -- C:\WINDOWS\system32\drivers\TVicPort.sys (EnTech Taiwan) DRV - (zntport) -- C:\WINDOWS\system32\drivers\zntport.sys (Zeal SoftStudio) DRV - (int15) -- C:\WINDOWS\system32\drivers\int15.sys (Acer, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys () DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (psdvdisk) -- C:\WINDOWS\system32\drivers\psdvdisk.sys (HiTRUST) DRV - (psdfilter) -- C:\WINDOWS\system32\drivers\psdfilter.sys (HiTRUST) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (Phonic_avs) -- C:\WINDOWS\system32\drivers\Phonic_avs.sys (BridgeCo AG) DRV - (Phonic_1394) -- C:\WINDOWS\system32\drivers\Phonic_1394.sys (BridgeCo AG) DRV - (RDID1027) -- C:\WINDOWS\system32\drivers\Rdwm1027.sys (Roland Corporation) DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys () DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (MIDEX3) -- C:\WINDOWS\system32\drivers\Midex3.sys (Steinberg Media Technologies) DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA) DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA) DRV - (MDX3LDR) -- C:\WINDOWS\system32\drivers\Mdx3ldr.sys (Steinberg Media Technologies AG) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pctools.com/mrc/fix_homepage/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ixquick - Deutsch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Programme\eMusic Download Manager\xulrunner\components [2010.09.04 15:57:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Programme\eMusic Download Manager\xulrunner\plugins [2010.10.07 20:33:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2010.08.10 20:20:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.04 15:57:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.07 20:33:17 | 000,000,000 | ---D | M] [2010.03.06 00:19:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lars\Anwendungsdaten\Mozilla\Extensions [2010.10.04 20:49:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\lars\Anwendungsdaten\Mozilla\Firefox\Profiles\zwpphteh.default\extensions [2010.05.10 19:56:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\lars\Anwendungsdaten\Mozilla\Firefox\Profiles\zwpphteh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.04 16:33:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\lars\Anwendungsdaten\Mozilla\Firefox\Profiles\zwpphteh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.04 16:33:08 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\lars\Anwendungsdaten\Mozilla\Firefox\Profiles\zwpphteh.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.09.26 20:02:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\lars\Anwendungsdaten\Mozilla\Firefox\Profiles\zwpphteh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.10.04 20:49:12 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\lars\Anwendungsdaten\Mozilla\Firefox\Profiles\zwpphteh.default\searchplugins\ixquick---deutsch.xml [2010.04.30 23:53:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 06:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe () O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe () O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [ISTray] C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MmReminderService.exe (Mindjet) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix) O4 - HKLM..\Run: [preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [eNMTray.exe] File not found O4 - HKCU..\Run: [pdfSaver3] C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AVer HID Receiver.lnk = C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AVerQuick.lnk = C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\maxdome Download Manager.lnk = C:\Programme\maxdome\DCBin\DCTrayApp.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Phonic Control Panel.lnk = C:\Programme\Phonic\HB_FW_MKII_Series\Phonic_cpl.exe (Phonic) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe () O4 - Startup: C:\Dokumente und Einstellungen\lars\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\lars\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.03.06 22:31:45 | 000,000,000 | ---- | M] () - C:\AutomapClients.ini -- [ NTFS ] O33 - MountPoints2\{d7855dc8-2ed6-11df-b836-001f3c303f0d}\Shell - "" = AutoRun O33 - MountPoints2\{d7855dc8-2ed6-11df-b836-001f3c303f0d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d7855dc8-2ed6-11df-b836-001f3c303f0d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.09 09:34:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lars\Anwendungsdaten\Malwarebytes [2010.10.09 09:33:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.10.09 09:33:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.10.09 09:33:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.09 09:33:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.10.08 10:31:50 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\WINDOWS\System32\drivers\avmeject.sys [2010.10.08 10:31:10 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick [2010.10.08 10:31:08 | 000,265,088 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\drivers\fwlanusb.sys [2010.10.08 10:31:07 | 000,074,752 | ---- | C] (AVM Berlin) -- C:\WINDOWS\System32\fwlanci.dll [2010.10.08 10:31:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\AVM_Driver [2010.10.08 10:31:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lars\AVM_Driver [2010.10.04 20:55:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2010.10.04 20:55:20 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2010.10.04 20:55:20 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2010.10.03 11:38:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PBL3 [2010.10.03 11:35:59 | 000,000,000 | ---D | C] -- C:\Schroedel [2010.10.03 11:35:59 | 000,000,000 | ---D | C] -- C:\Programme\PBL3 [2010.09.26 20:04:30 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan [2010.09.26 20:02:46 | 000,000,000 | ---D | C] -- C:\Programme\NOS [2010.09.26 20:02:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS [2010.09.13 22:41:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\lars\Anwendungsdaten\PriceGong [2007.07.12 09:30:12 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll [2007.04.02 12:40:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [2005.11.23 07:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.09 09:34:01 | 000,000,680 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.09 09:22:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.10.09 09:22:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.09 09:22:42 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys [2010.10.08 17:05:41 | 004,194,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\lars\NTUSER.DAT [2010.10.08 17:05:18 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\lars\ntuser.ini [2010.10.08 17:04:11 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\lars\Desktop\Microsoft Word.lnk [2010.10.08 14:42:52 | 000,461,356 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.08 14:42:52 | 000,443,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.08 14:42:52 | 000,072,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.10.08 14:42:51 | 001,076,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.10.08 14:42:51 | 000,086,042 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.07 20:33:17 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk [2010.10.04 18:05:01 | 000,010,240 | ---- | M] () -- C:\Dokumente und Einstellungen\lars\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.03 20:26:47 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.10.03 11:38:23 | 000,000,789 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Pusteblume 3.lnk [2010.10.02 22:22:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.09.29 21:16:58 | 000,981,741 | ---- | M] () -- C:\Dokumente und Einstellungen\lars\Desktop\AbletonNocturn.pdf [2010.09.29 21:03:38 | 000,000,832 | ---- | M] () -- C:\Dokumente und Einstellungen\lars\Desktop\Live 7.0.18.lnk [2010.09.29 16:51:05 | 000,000,576 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2010.09.24 12:06:36 | 000,002,609 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mindjet MindManager Pro 6.lnk [2010.09.15 23:11:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.09 09:34:01 | 000,000,680 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.08 10:31:08 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010.10.08 07:42:15 | 3211,186,176 | -HS- | C] () -- C:\hiberfil.sys [2010.10.03 11:38:23 | 000,000,789 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Pusteblume 3.lnk [2010.09.29 21:16:58 | 000,981,741 | ---- | C] () -- C:\Dokumente und Einstellungen\lars\Desktop\AbletonNocturn.pdf [2010.09.29 21:03:38 | 000,000,832 | ---- | C] () -- C:\Dokumente und Einstellungen\lars\Desktop\Live 7.0.18.lnk [2010.08.11 21:17:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\wdz3.ini [2010.05.30 14:13:24 | 000,000,367 | ---- | C] () -- C:\WINDOWS\wiso.ini [2010.04.07 22:53:54 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\lars\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.16 20:27:20 | 000,011,910 | ---- | C] () -- C:\WINDOWS\System32\Genmidi.dll [2010.03.16 20:27:20 | 000,011,910 | ---- | C] () -- C:\WINDOWS\Genmidi.dll [2010.03.14 01:13:36 | 000,027,893 | ---- | C] () -- C:\Dokumente und Einstellungen\lars\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR [2010.03.14 00:19:16 | 000,010,886 | ---- | C] () -- C:\WINDOWS\System32\RdCi1027.dll [2010.03.07 12:23:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2010.03.07 12:19:58 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll [2010.03.07 12:19:58 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys [2010.03.06 23:00:00 | 000,038,390 | ---- | C] () -- C:\Dokumente und Einstellungen\lars\Anwendungsdaten\dBase.ADR [2010.03.06 22:40:01 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.03.06 12:53:54 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old [2010.03.06 12:53:54 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll [2008.08.18 23:41:30 | 000,165,604 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini [2008.08.01 17:02:16 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\lars\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.04.28 12:47:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini [2008.03.23 00:58:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.03.22 21:34:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2008.03.22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2008.03.22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2008.03.22 21:33:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2007.12.10 17:59:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys [2007.11.06 22:57:38 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2007.10.01 14:59:46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys [2007.10.01 14:59:46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2007.07.20 14:29:54 | 000,888,832 | ---- | C] () -- C:\WINDOWS\System32\WirelessMgr.dll [2007.06.28 09:18:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini [2007.06.28 09:18:36 | 000,000,131 | ---- | C] () -- C:\WINDOWS\PidList.ini [2007.06.06 00:48:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2007.06.05 17:24:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll [2007.05.28 15:56:14 | 001,411,584 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll [2007.05.28 15:55:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2007.05.28 15:54:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll [2007.05.09 15:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys [2007.05.09 15:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys [2007.04.01 09:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007.04.01 08:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2007.01.04 15:10:22 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys [2006.08.28 19:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys [2006.07.20 10:33:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NATTraversal.dll [2006.05.25 18:18:48 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll [2005.11.02 14:32:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2004.08.04 06:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003.11.24 16:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll [2003.11.24 16:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 174 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 < End of report > und Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.10.2010 12:53:07 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,33 Gb Total Space | 17,53 Gb Free Space | 24,57% Space Free | Partition Type: NTFS
Drive D: | 71,84 Gb Total Space | 6,02 Gb Free Space | 8,38% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACER-747B59264E
Current User Name: lars
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15DE3B2B-BBF0-49C0-8438-136EE8EB883B}" = Mindjet MindManager Pro 6
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{50599365-309F-11D7-877D-0050FC43B196}" = Panama
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign 2.0" = Adobe InDesign 2.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Antares Auto-Tune 3 DirectX" = Antares Auto-Tune 3 DirectX
"Automap Universal ReWire_is1" = Automap ReWire 1.0
"Automap Universal_is1" = Automap 3.5
"AVerMedia A815 USB DVB-T" = AVerMedia A815 USB DVB-T 1.0.0.46
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Canon iP4600 series Benutzerregistrierung" = Canon iP4600 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"FM Heaven VSTi v1.3" = FM Heaven VSTi v1.3
"Free Video Dub_is1" = Free Video Dub version 1.8
"Free YouTube Download_is1" = Free YouTube Download 2.6
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.4088
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Live 7.0.16" = Live 7.0.16
"Live 7.0.18" = Live 7.0.18
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments B4 v1.11 w/ DXi" = Native Instruments B4 v1.11 w/ DXi
"Native Instruments Battery 2" = Native Instruments Battery 2
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments FM7" = Native Instruments FM7
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Pro52 v2.5" = Native Instruments Pro52 v2.5
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Synthetic Drums 2" = Native Instruments Synthetic Drums 2
"NI Service Center" = NI Service Center
"Nocturn_is1" = Nocturn 1.0
"Novation USB Audio Driver_is1" = Novation USB Audio Driver 1.9b1
"PDF-XChange 3_is1" = PDF-XChange 3.0
"Phonic Helix MKII Series Driver 2.34.0 Setup" = Phonic Helix MKII Series Driver 2.34.0
"ProInst" = Intel(R) PROSet/Wireless Software
"Pusteblume 3" = Pusteblume 3
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Spyware Doctor" = Spyware Doctor 7.0
"Switch" = Switch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TC Native Bundle DX VST v2.02" = TC Native Bundle DX VST v2.02
"Uninstall_is1" = Uninstall 1.0.0.1
"Wave Arts MasterVerb DX v2.01" = Wave Arts MasterVerb DX v2.01
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.53
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08.10.2010 03:28:58 | Computer Name = ACER-747B59264E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08.10.2010 03:28:58 | Computer Name = ACER-747B59264E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 936187
Error - 08.10.2010 03:28:58 | Computer Name = ACER-747B59264E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 936187
Error - 08.10.2010 03:29:02 | Computer Name = ACER-747B59264E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08.10.2010 03:29:02 | Computer Name = ACER-747B59264E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 940109
Error - 08.10.2010 03:29:02 | Computer Name = ACER-747B59264E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 940109
Error - 08.10.2010 04:26:17 | Computer Name = ACER-747B59264E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 08.10.2010 04:26:17 | Computer Name = ACER-747B59264E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4375344
Error - 08.10.2010 04:26:17 | Computer Name = ACER-747B59264E | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4375344
Error - 08.10.2010 08:02:34 | Computer Name = ACER-747B59264E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avscan.exe, Version 10.0.3.0, fehlgeschlagenes
Modul msvcr90.dll, Version 9.0.30729.1, Fehleradresse 0x0003f7c9.
[ System Events ]
Error - 07.10.2010 18:29:31 | Computer Name = ACER-747B59264E | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 07.10.2010 18:29:31 | Computer Name = ACER-747B59264E | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Apple Mobile Device" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 07.10.2010 18:29:31 | Computer Name = ACER-747B59264E | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Dienst "Bonjour"" ist vom Dienst "TCP/IP-Protokolltreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 07.10.2010 18:29:31 | Computer Name = ACER-747B59264E | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 07.10.2010 18:29:32 | Computer Name = ACER-747B59264E | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 07.10.2010 18:29:32 | Computer Name = ACER-747B59264E | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL
Error - 07.10.2010 18:29:43 | Computer Name = ACER-747B59264E | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 07.10.2010 18:30:11 | Computer Name = ACER-747B59264E | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 07.10.2010 18:31:00 | Computer Name = ACER-747B59264E | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 08.10.2010 01:40:57 | Computer Name = ACER-747B59264E | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >
|
|
09.10.2010, 14:18
| #2 |
| /// Malware-holic   | Infizierung durch TR/Crypt.XPACK.Gen3 in welcher datei wird avira fündig, zu finden unter avira /ereignisse, falls guard funde, oder avira /reports, falls beim scan.
__________________ |
|
09.10.2010, 14:27
| #3 |
| | Infizierung durch TR/Crypt.XPACK.Gen3 Antivir findet reihenweise Infizierungen in unten stehendem Pfad. Es sind immer solche Dateien nur mit unterschieclichen Nummern
__________________In der Datei 'C:\WINDOWS\Temp\TMP35.tmp' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern |
|
09.10.2010, 15:14
| #4 |
| /// Malware-holic | Infizierung durch TR/Crypt.XPACK.Gen3 hast du ein paar dieser dateien in der quarantäne? schau dazu mal unter avira, verwaltung, quarantäne. falls ja, schalte den avira guard mal ab, mit rechtsklick auf den regenschirm. dann stelle die dateien wieder her, in dem du auf wiederherstellen in klickst. Submit your sample hier die dateien mit verdacht auf fehlalarm hochladen. dann prüfe mal 1 2 dateien bei VirusTotal - Free Online Virus, Malware and URL Scanner poste die ergebnisse. dann dateien löschen, papierkorb leeren, avira einschalten |
|
09.10.2010, 16:58
| #5 |
| | Infizierung durch TR/Crypt.XPACK.Gen3 Hier schon mal das Ergebnis von Virustotal: Spricht für einen Fehlalarm oder? Antivirus Version Last Update Result AhnLab-V3 2010.10.09.00 2010.10.08 - AntiVir 7.10.12.167 2010.10.08 TR/Crypt.XPACK.Gen3 Antiy-AVL 2.0.3.7 2010.10.09 - Authentium 5.2.0.5 2010.10.09 - Avast 4.8.1351.0 2010.10.09 - Avast5 5.0.594.0 2010.10.09 - AVG 9.0.0.851 2010.10.09 - BitDefender 7.2 2010.10.09 - CAT-QuickHeal 11.00 2010.10.09 - ClamAV 0.96.2.0-git 2010.10.09 - Comodo 6331 2010.10.09 - DrWeb 5.0.2.03300 2010.10.09 - Emsisoft 5.0.0.50 2010.10.09 - eSafe 7.0.17.0 2010.10.07 - eTrust-Vet 36.1.7901 2010.10.08 - F-Prot 4.6.2.117 2010.10.08 - F-Secure 9.0.15370.0 2010.10.09 - Fortinet 4.2.249.0 2010.10.09 - GData 21 2010.10.09 - Ikarus T3.1.1.90.0 2010.10.09 - Jiangmin 13.0.900 2010.10.09 - K7AntiVirus 9.65.2713 2010.10.09 - Kaspersky 7.0.0.125 2010.10.09 - McAfee 5.400.0.1158 2010.10.09 - McAfee-GW-Edition 2010.1C 2010.10.09 - Microsoft 1.6201 2010.10.09 - NOD32 5518 2010.10.09 - Norman 6.06.07 2010.10.09 - nProtect 2010-10-09.01 2010.10.09 - Panda 10.0.2.7 2010.10.09 - PCTools 7.0.3.5 2010.10.09 - Prevx 3.0 2010.10.09 - Rising 22.68.05.00 2010.10.09 - Sophos 4.58.0 2010.10.09 - Sunbelt 7024 2010.10.09 - SUPERAntiSpyware 4.40.0.1006 2010.10.09 - Symantec 20101.2.0.161 2010.10.09 - TheHacker 6.7.0.1.053 2010.10.08 - TrendMicro 9.120.0.1004 2010.10.09 - TrendMicro-HouseCall 9.120.0.1004 2010.10.09 - VBA32 3.12.14.1 2010.10.08 - ViRobot 2010.9.25.4060 2010.10.09 - VirusBuster 12.67.10.0 2010.10.09 - Additional information Show all MD5 : a895184dca1de18135215cdfd47f1a01 SHA1 : 2ed8aabf2240949a85bd6fcb90702fd8e6b714de SHA256: 550dcc54c9f082f035bd1feea5813431b6d2db0f49f784f3e4d5f8cf3b361b0a |
|
| Themen zu Infizierung durch TR/Crypt.XPACK.Gen3 |
| 0x00000001, acroiehelper.dll, alternate, antivir, avgntflt.sys, avira, benutzerregistrierung, bho, bonjour, browser, browser guard, canon, checkpoint, components, conduit, desktop, einstellungen, error, excel, excel.exe, extras.txt, firefox, flash player, format, iastor.sys, indesign, internet browser, launch, location, mozilla, msvcr80.dll, national, oldtimer, opera.exe, otl logfile, otl.exe, plug-in, realtek, registry, registry cleaner, rundll, sched.exe, searchplugins, senden, server, software, sparbuch, spyware, stick, studio, system restore, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen3, tracker, trojaner, trojaner tr/crypt.xpack.gen, wiso |
Linear-Darstellung
