Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


Log-Analyse und Auswertung: Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 09.04.2011, 18:34   #1
Suse78
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


Liebe Forumspezialisten,

ich hoffe auf Eure Hilfe im Kampf gegen einen mir inzwischen sehr lästigen Mitbewohner auf meinem PC. Seit ca. einer Woche meldet mein Avira aller paar Minuten Malware-Fund. Immer im Wechsel TR/Crypt.XPACK.Gen und JAVA/OpenConnect.J. Dann habe ich mal geforscht. Scheinen ja eher ältere Genossen zu sein, die mich da erwischt haben. Nur, wie kriege ich die denn nun wieder los?
Habe nach Anleitung verschiedene Log-Files erstellt. Seid so lieb und schaut Euch das soch bitte mal an. Mein PC läuft zwar ganz gut trotz Infektion, aber das ständige Gepiepse vom Avira macht mich kirre. Hilfe!!!!

1. Log - Scan
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-08 05:20:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD1600BEVS-60RST0 rev.04.01G04
Running: g2m3e4r.exe; Driver: C:\Users\Sanne\AppData\Local\Temp\ugloypog.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BC0D340, 0x3EE1D7, 0xE8000020]
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
 
---- EOF - GMER 1.0.15 ----
--- --- ---

2. Log - OTLOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.04.2011 21:54:11 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sanne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,58 Gb Total Space | 83,29 Gb Free Space | 60,54% Space Free | Partition Type: NTFS
Drive D: | 11,47 Gb Total Space | 2,13 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
 
Computer Name: SANNE-PC | User Name: Sanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.06 21:47:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sanne\Desktop\OTL.exe
PRC - [2011.03.24 12:40:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.18 17:31:21 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.05 17:40:55 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.05 17:40:52 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.06 21:47:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sanne\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008.01.19 09:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.18 17:31:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.05 17:40:55 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.06.02 11:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.18 17:31:22 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 23:49:00 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.05 17:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.19 15:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.03.19 15:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.01.30 09:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.04 03:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.10.18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.09.09 09:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.03.06 15:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.16 10:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.06.28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.11.04 11:06:52 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=HP&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}:3.2.7
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.09 12:16:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 12:40:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 12:40:17 | 000,000,000 | ---D | M]
 
[2010.01.28 21:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sanne\AppData\Roaming\mozilla\Extensions
[2011.04.06 20:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sanne\AppData\Roaming\mozilla\Firefox\Profiles\qij1m7qk.default\extensions
[2011.01.13 22:47:27 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Sanne\AppData\Roaming\mozilla\Firefox\Profiles\qij1m7qk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.01.28 22:03:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sanne\AppData\Roaming\mozilla\Firefox\Profiles\qij1m7qk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.13 16:21:25 | 000,000,000 | ---D | M] (Qute Classic) -- C:\Users\Sanne\AppData\Roaming\mozilla\Firefox\Profiles\qij1m7qk.default\extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}
[2011.01.25 21:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.25 21:28:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.25 21:28:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.13 11:08:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.13 11:08:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.13 11:08:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.13 11:08:14 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.13 11:08:14 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.06 21:11:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - Startup: C:\Users\Sanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.248 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tax aktuell.lnk - C:\Programme\Buhl finance\tax 2009 Standard\taxaktuell.exe - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Speech Recognition - hkey= - key= - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPStart - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.06 21:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.06 21:51:00 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.06 21:47:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sanne\Desktop\Erunt-setup.exe
[2011.04.06 21:47:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Sanne\Desktop\OTL.exe
[2011.04.06 21:47:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sanne\Desktop\TFC.exe
[2011.04.06 21:20:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.04.06 21:20:47 | 000,000,000 | ---D | C] -- C:\Users\Sanne\AppData\Local\temp
[2011.04.06 21:12:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.06 20:54:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.06 20:54:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.06 20:54:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.06 20:54:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.06 20:53:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.06 20:53:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.03.24 10:08:37 | 000,000,000 | ---D | C] -- C:\Users\Sanne\Kopfzentrum
[2011.03.17 09:19:36 | 000,000,000 | ---D | C] -- C:\Users\Sanne\Desktop\Doktorarbeit
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.06 21:52:42 | 000,000,913 | ---- | M] () -- C:\Users\Sanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.06 21:52:39 | 000,000,733 | ---- | M] () -- C:\Users\Sanne\Desktop\NTREGOPT.lnk
[2011.04.06 21:52:39 | 000,000,714 | ---- | M] () -- C:\Users\Sanne\Desktop\ERUNT.lnk
[2011.04.06 21:48:06 | 000,301,568 | ---- | M] () -- C:\Users\Sanne\Desktop\g2m3e4r.exe
[2011.04.06 21:48:03 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sanne\Desktop\Erunt-setup.exe
[2011.04.06 21:48:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sanne\Desktop\TFC.exe
[2011.04.06 21:47:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sanne\Desktop\OTL.exe
[2011.04.06 21:38:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.06 21:26:51 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.06 21:24:20 | 000,201,475 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.06 21:24:20 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.06 21:24:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.06 21:24:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.06 21:24:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.06 21:11:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.06 20:26:03 | 000,201,475 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.05 22:22:05 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.05 22:22:05 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.05 22:22:05 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.05 22:22:05 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.05 22:19:40 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FB7E39A5-3F04-49DB-8777-F5CB97CA5CCE}.job
[2011.03.31 11:01:21 | 000,002,184 | ---- | M] () -- C:\Users\Sanne\AppData\Roaming\wklnhst.dat
[2011.03.20 19:11:20 | 000,049,597 | ---- | M] () -- C:\Users\Sanne\Documents\DP28.03.-03.04.2011.pdf
[2011.03.18 17:31:22 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\Sanne\Desktop\Anleitung.html
[2011.03.10 23:41:27 | 000,006,034 | ---- | M] () -- C:\Users\Sanne\Documents\Anwendung von Dexa.odt
 
========== Files Created - No Company Name ==========
 
[2011.04.06 21:51:04 | 000,000,913 | ---- | C] () -- C:\Users\Sanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.06 21:51:01 | 000,000,733 | ---- | C] () -- C:\Users\Sanne\Desktop\NTREGOPT.lnk
[2011.04.06 21:51:01 | 000,000,714 | ---- | C] () -- C:\Users\Sanne\Desktop\ERUNT.lnk
[2011.04.06 21:47:44 | 000,301,568 | ---- | C] () -- C:\Users\Sanne\Desktop\g2m3e4r.exe
[2011.04.06 21:26:41 | 000,001,052 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.06 20:54:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.06 20:54:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.06 20:54:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.06 20:54:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.06 20:54:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.20 19:11:18 | 000,049,597 | ---- | C] () -- C:\Users\Sanne\Documents\DP28.03.-03.04.2011.pdf
[2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\Sanne\Desktop\Anleitung.html
[2011.03.10 23:41:19 | 000,006,034 | ---- | C] () -- C:\Users\Sanne\Documents\Anwendung von Dexa.odt
[2011.02.04 21:06:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.01.21 21:35:29 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.10.22 20:49:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.22 20:49:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.22 20:48:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.09.20 12:33:52 | 000,201,475 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.09.20 12:33:52 | 000,201,475 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.17 22:42:39 | 000,006,944 | ---- | C] () -- C:\Users\Sanne\AppData\Local\d3d9caps.dat
[2008.11.09 13:49:27 | 000,002,184 | ---- | C] () -- C:\Users\Sanne\AppData\Roaming\wklnhst.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.31 18:03:50 | 000,000,544 | ---- | C] () -- C:\Windows\WISO.INI
[2008.04.29 22:04:09 | 000,027,335 | ---- | C] () -- C:\Users\Sanne\AppData\Roaming\nvModes.001
[2008.04.29 22:03:47 | 000,027,335 | ---- | C] () -- C:\Users\Sanne\AppData\Roaming\nvModes.dat
[2008.04.29 21:59:10 | 000,006,656 | ---- | C] () -- C:\Users\Sanne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.07 18:47:06 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007.11.07 02:17:04 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.11.07 02:17:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.11.07 02:17:04 | 000,127,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.11.07 02:17:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,400,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2008.05.31 18:04:33 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Buhl Data Service
[2008.05.31 18:04:22 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Buhl Data Service GmbH
[2008.05.31 18:08:25 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\DataDesign
[2011.01.13 23:04:30 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\GARMIN
[2009.11.13 17:22:10 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Nokia
[2010.06.22 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\PC Suite
[2011.02.03 22:02:10 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\TeamViewer
[2008.12.22 17:40:43 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Template
[2010.12.01 13:31:06 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\XnView
[2011.04.06 21:22:14 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.05 22:19:40 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FB7E39A5-3F04-49DB-8777-F5CB97CA5CCE}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.04.06 21:12:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.09.22 20:21:09 | 000,000,000 | ---D | M] -- C:\boot
[2007.11.06 19:22:44 | 000,000,000 | ---D | M] -- C:\CVS
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.04.29 18:52:24 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.07 19:08:31 | 000,000,000 | ---D | M] -- C:\HP
[2011.01.21 20:52:09 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.02.24 09:34:59 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.09.28 14:25:09 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.06 21:51:00 | 000,000,000 | R--D | M] -- C:\Programme
[2011.02.04 21:06:40 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.04.29 18:52:24 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.04.06 21:20:48 | 000,000,000 | ---D | M] -- C:\Qoobox
[2008.04.29 19:03:17 | 000,000,000 | ---D | M] -- C:\SwSetup
[2011.04.06 21:55:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.04.29 19:03:16 | 000,000,000 | ---D | M] -- C:\System.sav
[2008.04.29 18:53:01 | 000,000,000 | R--D | M] -- C:\Users
[2011.04.06 21:20:47 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.08.27 05:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.08.27 04:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-05 20:23:16
 
< End of report >
--- --- ---

3. Log - ExtrasOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.04.2011 21:54:11 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sanne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,58 Gb Total Space | 83,29 Gb Free Space | 60,54% Space Free | Partition Type: NTFS
Drive D: | 11,47 Gb Total Space | 2,13 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
 
Computer Name: SANNE-PC | User Name: Sanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{65A56242-E221-4496-858F-B13D97912626}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{726200FF-A3DD-48DB-A3FB-9B3A00E6DACE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DB9EDC4D-E17E-43D3-9A69-B2DCBC25E98A}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1882ADE3-19AA-47E4-B12D-2D67027C16ED}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{4826F424-8685-4F85-936E-71344F02290A}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{689B239D-7E93-4669-A38D-33BBB9C3DA35}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{97602EE8-EE2C-40D1-8097-D15209E8B791}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{9F5E87B3-0AE1-44DE-BD27-E54FEBC47229}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{AB371CAB-A81B-4922-B188-344B1CB738E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{FF6CF4D0-09DB-40D6-B838-2E7C38FA6DE1}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"TCP Query User{6033501A-AB56-4B6B-A757-D2C5917B73BA}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{9EBCB20C-0ECE-4C32-9ACE-9248B490FCB6}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{BBA24D71-C404-4E34-994F-62D5FC88152A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{FF909722-02EA-41E1-B1B0-E0B9B780BC80}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3F1527C7-DCE7-41D5-8339-0F425D1B6760}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{8C5BB9AB-20EF-453F-A56F-65751D8CF315}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{C7D41B38-4FC6-48C4-9EDF-2296485C971D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{F76ED9DA-5F12-4B05-81A0-56F718CF70C1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 D2
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40030378-9EB9-482A-AC10-195097CA624D}" = t@x 2009 Standard
"{40194EFA-7410-4F36-83E3-2517C985169A}" = HeliCommand
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{65AA10FF-6F32-48AE-881F-FC96E7BF3A5E}" = ESU for Microsoft Vista
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E6D3A461-8DDE-45C9-8C34-A33436FCC0B4}" = HP User Guides 0091
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"XnView_is1" = XnView 1.97.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.03.2011 15:16:25 | Computer Name = Sanne-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden. Fehlercode: 
 
Error - 30.03.2011 14:28:31 | Computer Name = Sanne-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden. Fehlercode: 
 
Error - 31.03.2011 15:28:58 | Computer Name = Sanne-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden. Fehlercode: 
 
Error - 31.03.2011 15:30:55 | Computer Name = Sanne-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung avcenter.exe, Version 10.0.12.29, Zeitstempel
0x4beab9e2, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
Ausnahmecode 0xc0000005, Fehleroffset 0x00021a80, Prozess-ID 0xcc4, Anwendungsstartzeit
01cbefd9e08c72e3.
 
Error - 03.04.2011 14:00:51 | Computer Name = Sanne-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden. Fehlercode: 
 
Error - 04.04.2011 14:54:32 | Computer Name = Sanne-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden. Fehlercode: 
 
Error - 04.04.2011 14:57:54 | Computer Name = Sanne-PC | Source = Application Hang | ID = 1002
Description = Programm QP.exe, Version 2.4.0.3402 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: a84 Anfangszeit: 01cbf2f9b2c7a4e0 Zeitpunkt der Beendigung:
25
 
Error - 05.04.2011 16:16:23 | Computer Name = Sanne-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden. Fehlercode: 
 
Error - 06.04.2011 15:49:04 | Computer Name = Sanne-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TFC.exe, Version 3.1.7.0, Zeitstempel 0x2a425e19,
fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024, Zeitstempel 0x49f05bcc, 
Ausnahmecode 0xc00000fd, Fehleroffset 0x000b0af5, Prozess-ID 0x95c, Anwendungsstartzeit
01cbf49395d4f19a.
 
Error - 06.04.2011 15:49:11 | Computer Name = Sanne-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TFC.exe, Version 3.1.7.0, Zeitstempel 0x2a425e19,
fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode
0xc0000005, Fehleroffset 0x00044b57, Prozess-ID 0x95c, Anwendungsstartzeit 01cbf49395d4f19a.
 
[ System Events ]
Error - 06.04.2011 14:25:45 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.04.2011 14:56:01 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 06.04.2011 14:56:27 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 06.04.2011 15:04:10 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 06.04.2011 15:09:30 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 06.04.2011 15:09:46 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 06.04.2011 15:11:29 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.04.2011 15:17:44 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 06.04.2011 15:24:22 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.04.2011 15:48:25 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
--- --- ---

Ich hoffe ja, Ihr könnt was damit anfangen. Für mich sind das Böhmische Dörfer.

Alt 09.04.2011, 18:38   #2
markusg
/// Malware-holic
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


hallo.
du hast recht, die xpack-erkennung, zu mindest das erste erstell datum, liegt ein paar jahre zurück, dies heißt aber nicht das das alt ist, diese wird immer wieder erneuert. darunter fallen millionen verschiedener möglicher schädlinge.
deswegen sei doch so gut, und zeige uns die fundmeldungen von avira.
wenn es immer die selben dateien sind reicht auch eine von jeder.
die fundmeldungen findest du unter avira, ereignisse.
__________________

__________________
Alt 10.04.2011, 17:26   #3
Suse78
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


Hallo markusg,

Avira meldet folgendes:

1. In der Datei 'C:\Users\Sanne\eqload06.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern.

2. Die Datei 'C:\Users\Sanne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\143b51c7-51a2d8ed'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/OpenConnect.J' [virus].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 200a5d2a.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ignoriert.

Was heißt das denn dann?

LG,
Suse
__________________
Alt 10.04.2011, 17:31   #4
markusg
/// Malware-holic
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


das wir arbeit haben...
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.04.2011, 19:00   #5
Suse78
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


So, erledigt.

Hier die Hieroglyphen:

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.04.2011 19:40:49 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Sanne\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,58 Gb Total Space | 83,89 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
Drive D: | 11,47 Gb Total Space | 2,13 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
 
Computer Name: SANNE-PC | User Name: Sanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.10 19:39:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sanne\Downloads\OTL.exe
PRC - [2011.03.24 12:40:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.18 17:31:21 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.05 17:40:55 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.05 17:40:52 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.10 19:39:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sanne\Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.18 17:31:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.05 17:40:55 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.06.02 11:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.18 17:31:22 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 23:49:00 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.05 17:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.19 15:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.03.19 15:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.01.30 09:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.04 03:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.10.18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.09.09 09:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.03.06 15:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.16 10:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.06.28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.11.04 11:06:52 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=HP&pf=laptop
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-139288543-330671017-2567370579-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-139288543-330671017-2567370579-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-139288543-330671017-2567370579-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}:3.2.7
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.09 12:16:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 12:40:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 12:40:17 | 000,000,000 | ---D | M]
 
[2010.01.28 21:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sanne\AppData\Roaming\mozilla\Extensions
[2011.04.10 19:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sanne\AppData\Roaming\mozilla\Firefox\Profiles\qij1m7qk.default\extensions
[2011.01.13 22:47:27 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Sanne\AppData\Roaming\mozilla\Firefox\Profiles\qij1m7qk.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.01.28 22:03:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sanne\AppData\Roaming\mozilla\Firefox\Profiles\qij1m7qk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.13 16:21:25 | 000,000,000 | ---D | M] (Qute Classic) -- C:\Users\Sanne\AppData\Roaming\mozilla\Firefox\Profiles\qij1m7qk.default\extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}
[2011.01.25 21:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.25 21:28:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.25 21:28:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.13 11:08:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.13 11:08:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.13 11:08:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.13 11:08:14 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.13 11:08:14 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.08 05:31:55 | 000,431,577 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14881 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - Startup: C:\Users\Sanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-139288543-330671017-2567370579-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-139288543-330671017-2567370579-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-139288543-330671017-2567370579-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.248 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tax aktuell.lnk - C:\Programme\Buhl finance\tax 2009 Standard\taxaktuell.exe - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Speech Recognition - hkey= - key= - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPStart - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.06 21:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.06 21:51:00 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.06 21:47:44 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Sanne\Desktop\Erunt-setup.exe
[2011.04.06 21:47:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Sanne\Desktop\OTL.exe
[2011.04.06 21:47:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sanne\Desktop\TFC.exe
[2011.04.06 21:20:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.04.06 21:20:47 | 000,000,000 | ---D | C] -- C:\Users\Sanne\AppData\Local\temp
[2011.04.06 21:12:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.06 20:54:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.06 20:54:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.06 20:54:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.06 20:54:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.06 20:53:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.06 20:53:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.03.24 10:08:37 | 000,000,000 | ---D | C] -- C:\Users\Sanne\Kopfzentrum
[2011.03.22 22:07:45 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.22 22:07:45 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.17 09:19:36 | 000,000,000 | ---D | C] -- C:\Users\Sanne\Desktop\Doktorarbeit
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.10 19:38:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.10 18:29:21 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FB7E39A5-3F04-49DB-8777-F5CB97CA5CCE}.job
[2011.04.10 18:16:20 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.10 18:13:11 | 000,201,475 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.10 18:13:03 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.10 18:12:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.10 18:12:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.10 18:12:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.09 19:05:13 | 000,201,475 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.08 05:31:55 | 000,431,577 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.06 21:52:42 | 000,000,913 | ---- | M] () -- C:\Users\Sanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.06 21:52:39 | 000,000,733 | ---- | M] () -- C:\Users\Sanne\Desktop\NTREGOPT.lnk
[2011.04.06 21:52:39 | 000,000,714 | ---- | M] () -- C:\Users\Sanne\Desktop\ERUNT.lnk
[2011.04.06 21:48:06 | 000,301,568 | ---- | M] () -- C:\Users\Sanne\Desktop\g2m3e4r.exe
[2011.04.06 21:48:03 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Sanne\Desktop\Erunt-setup.exe
[2011.04.06 21:48:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sanne\Desktop\TFC.exe
[2011.04.06 21:47:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sanne\Desktop\OTL.exe
[2011.04.06 21:11:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110408-053155.backup
[2011.04.05 22:22:05 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.05 22:22:05 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.05 22:22:05 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.05 22:22:05 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.31 11:01:21 | 000,002,184 | ---- | M] () -- C:\Users\Sanne\AppData\Roaming\wklnhst.dat
[2011.03.20 19:11:20 | 000,049,597 | ---- | M] () -- C:\Users\Sanne\Documents\DP28.03.-03.04.2011.pdf
[2011.03.18 17:31:22 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\Sanne\Desktop\Anleitung.html
 
========== Files Created - No Company Name ==========
 
[2011.04.06 21:51:04 | 000,000,913 | ---- | C] () -- C:\Users\Sanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.06 21:51:01 | 000,000,733 | ---- | C] () -- C:\Users\Sanne\Desktop\NTREGOPT.lnk
[2011.04.06 21:51:01 | 000,000,714 | ---- | C] () -- C:\Users\Sanne\Desktop\ERUNT.lnk
[2011.04.06 21:47:44 | 000,301,568 | ---- | C] () -- C:\Users\Sanne\Desktop\g2m3e4r.exe
[2011.04.06 21:26:41 | 000,001,052 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.06 20:54:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.06 20:54:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.06 20:54:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.06 20:54:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.06 20:54:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.20 19:11:18 | 000,049,597 | ---- | C] () -- C:\Users\Sanne\Documents\DP28.03.-03.04.2011.pdf
[2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\Sanne\Desktop\Anleitung.html
[2011.02.04 21:06:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.01.21 21:35:29 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.10.22 20:49:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.22 20:49:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.22 20:48:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.09.20 12:33:52 | 000,201,475 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.09.20 12:33:52 | 000,201,475 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.17 22:42:39 | 000,006,944 | ---- | C] () -- C:\Users\Sanne\AppData\Local\d3d9caps.dat
[2008.11.09 13:49:27 | 000,002,184 | ---- | C] () -- C:\Users\Sanne\AppData\Roaming\wklnhst.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.31 18:03:50 | 000,000,544 | ---- | C] () -- C:\Windows\WISO.INI
[2008.04.29 22:04:09 | 000,027,335 | ---- | C] () -- C:\Users\Sanne\AppData\Roaming\nvModes.001
[2008.04.29 22:03:47 | 000,027,335 | ---- | C] () -- C:\Users\Sanne\AppData\Roaming\nvModes.dat
[2008.04.29 21:59:10 | 000,006,656 | ---- | C] () -- C:\Users\Sanne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.07 18:47:06 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007.11.07 02:17:04 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.11.07 02:17:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.11.07 02:17:04 | 000,127,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.11.07 02:17:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,400,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2008.05.31 18:04:33 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Buhl Data Service
[2008.05.31 18:04:22 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Buhl Data Service GmbH
[2008.05.31 18:08:25 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\DataDesign
[2011.01.13 23:04:30 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\GARMIN
[2009.11.13 17:22:10 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Nokia
[2010.06.22 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\PC Suite
[2011.02.03 22:02:10 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\TeamViewer
[2008.12.22 17:40:43 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Template
[2010.12.01 13:31:06 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\XnView
[2011.04.09 19:54:46 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.10 18:29:21 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FB7E39A5-3F04-49DB-8777-F5CB97CA5CCE}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.12.29 09:17:11 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Adobe
[2009.11.21 16:42:28 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Apple Computer
[2010.05.09 06:28:41 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Avira
[2008.05.31 18:04:33 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Buhl Data Service
[2008.05.31 18:04:22 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Buhl Data Service GmbH
[2009.11.02 21:38:36 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\CyberLink
[2008.05.31 18:08:25 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\DataDesign
[2011.01.13 23:04:30 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\GARMIN
[2008.05.18 09:21:03 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Google
[2008.04.29 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Hewlett-Packard
[2008.04.30 07:52:49 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\HP
[2008.04.29 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Identities
[2009.03.28 11:53:34 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\InstallShield
[2008.04.29 19:04:44 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Macromedia
[2011.02.03 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Media Center Programs
[2011.03.22 22:03:26 | 000,000,000 | --SD | M] -- C:\Users\Sanne\AppData\Roaming\Microsoft
[2010.01.28 22:02:23 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Move Networks
[2010.01.28 21:59:23 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Mozilla
[2009.11.13 17:22:10 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Nokia
[2011.01.21 20:33:32 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\OpenOffice.org2
[2010.06.22 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\PC Suite
[2008.04.29 19:13:56 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Symantec
[2011.02.03 22:02:10 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\TeamViewer
[2008.12.22 17:40:43 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\Template
[2010.12.01 13:31:06 | 000,000,000 | ---D | M] -- C:\Users\Sanne\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2009.03.25 20:42:17 | 000,004,286 | R--- | M] () -- C:\Users\Sanne\AppData\Roaming\Microsoft\Installer\{40194EFA-7410-4F36-83E3-2517C985169A}\_6FEFF9B68218417F98F549.exe
[2009.03.25 20:42:17 | 000,004,286 | R--- | M] () -- C:\Users\Sanne\AppData\Roaming\Microsoft\Installer\{40194EFA-7410-4F36-83E3-2517C985169A}\_95A291C778606A6DFD714D.exe
[2009.03.25 20:42:17 | 000,004,286 | R--- | M] () -- C:\Users\Sanne\AppData\Roaming\Microsoft\Installer\{40194EFA-7410-4F36-83E3-2517C985169A}\_F9CB7BA3EC0031172B9C5E.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.11.06 19:25:54 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.11.06 19:25:54 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.11.06 19:25:54 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.19 07:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.01.19 07:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.01.19 06:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.08.27 05:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.08.27 04:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.06 17:58:16 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2007.11.06 17:58:17 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< End of report >
--- --- ---


Und
Extras:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.04.2011 19:40:49 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Sanne\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,58 Gb Total Space | 83,89 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
Drive D: | 11,47 Gb Total Space | 2,13 Gb Free Space | 18,61% Space Free | Partition Type: NTFS
 
Computer Name: SANNE-PC | User Name: Sanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-139288543-330671017-2567370579-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{65A56242-E221-4496-858F-B13D97912626}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{726200FF-A3DD-48DB-A3FB-9B3A00E6DACE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DB9EDC4D-E17E-43D3-9A69-B2DCBC25E98A}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1882ADE3-19AA-47E4-B12D-2D67027C16ED}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{4826F424-8685-4F85-936E-71344F02290A}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{689B239D-7E93-4669-A38D-33BBB9C3DA35}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{97602EE8-EE2C-40D1-8097-D15209E8B791}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{9F5E87B3-0AE1-44DE-BD27-E54FEBC47229}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{AB371CAB-A81B-4922-B188-344B1CB738E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{FF6CF4D0-09DB-40D6-B838-2E7C38FA6DE1}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"TCP Query User{6033501A-AB56-4B6B-A757-D2C5917B73BA}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{9EBCB20C-0ECE-4C32-9ACE-9248B490FCB6}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{BBA24D71-C404-4E34-994F-62D5FC88152A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{FF909722-02EA-41E1-B1B0-E0B9B780BC80}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3F1527C7-DCE7-41D5-8339-0F425D1B6760}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{8C5BB9AB-20EF-453F-A56F-65751D8CF315}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{C7D41B38-4FC6-48C4-9EDF-2296485C971D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{F76ED9DA-5F12-4B05-81A0-56F718CF70C1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 D2
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40030378-9EB9-482A-AC10-195097CA624D}" = t@x 2009 Standard
"{40194EFA-7410-4F36-83E3-2517C985169A}" = HeliCommand
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{65AA10FF-6F32-48AE-881F-FC96E7BF3A5E}" = ESU for Microsoft Vista
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E6D3A461-8DDE-45C9-8C34-A33436FCC0B4}" = HP User Guides 0091
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"XnView_is1" = XnView 1.97.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.04.2011 14:00:51 | Computer Name = Sanne-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden.  Fehlercode: 
 
Error - 04.04.2011 14:54:32 | Computer Name = Sanne-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden.  Fehlercode: 
 
Error - 04.04.2011 14:57:54 | Computer Name = Sanne-PC | Source = Application Hang | ID = 1002
Description = Programm QP.exe, Version 2.4.0.3402 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: a84  Anfangszeit: 01cbf2f9b2c7a4e0  Zeitpunkt der Beendigung:
 25
 
Error - 05.04.2011 16:16:23 | Computer Name = Sanne-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden.  Fehlercode: 
 
Error - 06.04.2011 15:49:04 | Computer Name = Sanne-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TFC.exe, Version 3.1.7.0, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul RPCRT4.dll, Version 6.0.6002.18024, Zeitstempel 0x49f05bcc, 
Ausnahmecode 0xc00000fd, Fehleroffset 0x000b0af5,  Prozess-ID 0x95c, Anwendungsstartzeit
 01cbf49395d4f19a.
 
Error - 06.04.2011 15:49:11 | Computer Name = Sanne-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TFC.exe, Version 3.1.7.0, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode
 0xc0000005, Fehleroffset 0x00044b57,  Prozess-ID 0x95c, Anwendungsstartzeit 01cbf49395d4f19a.
 
Error - 06.04.2011 16:13:01 | Computer Name = Sanne-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 07.04.2011 00:31:44 | Computer Name = Sanne-PC | Source = Application Hang | ID = 1002
Description = Programm g2m3e4r.exe, Version 1.0.15.15570 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 15b0  Anfangszeit: 01cbf4dca1bf49da  Zeitpunkt
 der Beendigung: 15
 
Error - 09.04.2011 02:15:47 | Computer Name = Sanne-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden.  Fehlercode: 
 
Error - 10.04.2011 12:14:38 | Computer Name = Sanne-PC | Source = Avira AntiVir | ID = 4122
Description = Die Datei <AVEvtLog> konnte nicht geladen werden.  Fehlercode: 
 
[ System Events ]
Error - 06.04.2011 15:17:44 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 06.04.2011 15:24:22 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.04.2011 15:48:25 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 07.04.2011 15:34:55 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.04.2011 23:27:37 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.04.2011 02:15:23 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 09.04.2011 02:15:23 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.04.2011 13:05:03 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.04.2011 12:14:11 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 10.04.2011 12:14:11 | Computer Name = Sanne-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
--- --- ---

Und jetze?
Hoffe, Du kannst irgendwas damit anfangen?

LG, Suse


Alt 10.04.2011, 19:08   #6
markusg
/// Malware-holic
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


kannst du mal alle deine Malwarebytes logs posten, unter malwarebytes, logdateien zu finden
__________________
--> Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)

Alt 10.04.2011, 19:38   #7
Suse78
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


Hab mal schnell nen Scan laufen lassen. Und da isses nun:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6326

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

10.04.2011 20:33:49
mbam-log-2011-04-10 (20-33-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150371
Laufzeit: 2 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Sanne\eqload06.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Und der alte:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5671

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

03.02.2011 21:18:59
mbam-log-2011-02-03 (21-18-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142100
Laufzeit: 6 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Klingt das jetzt gut?

Alt 10.04.2011, 19:46   #8
markusg
/// Malware-holic
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


bitte, nach update, nen vollständigen scan
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.04.2011, 21:03   #9
Suse78
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


Der vollständige Scan hat etwas gedauert. Aber hier ist das logfile:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6326

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

10.04.2011 22:00:45
mbam-log-2011-04-10 (22-00-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 296472
Laufzeit: 46 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\helicommand\SBPFix.exe (Malware.Packer) -> Quarantined and deleted successfully.

Es bleibt spannend.

Alt 11.04.2011, 10:41   #10
markusg
/// Malware-holic
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


c:\program files\helicommand\SBPFix.exe
öffne mal malwarebytes, quarantäne und dann stelle diese datei wieder her, die ist sauber.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.04.2011, 21:23   #11
Suse78
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


Hallo markusg,

hier das Combofix-Logfile.

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-04-11.01 - Sanne 11.04.2011  21:45:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1982.1215 [GMT 2:00]
ausgeführt von:: c:\users\Sanne\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sanne\AppData\Local\temp\ppcrlui_2432_2
.
Infizierte Kopie von c:\windows\system32\Drivers\atapi.sys wurde gefunden und desinfiziert 
Kopie von - c:\windows\ERDNT\cache\atapi.sys wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-11 bis 2011-04-11  ))))))))))))))))))))))))))))))
.
.
2011-04-11 19:59 . 2011-04-11 20:02	--------	d-----w-	c:\users\Sanne\AppData\Local\temp
2011-04-11 19:59 . 2011-04-11 19:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-10 18:26 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-10 18:26 . 2011-04-10 18:26	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-10 18:26 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-09 06:22 . 2011-03-15 04:05	6792528	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{91387781-C5FE-41E7-A69E-EB8ADB3AECAA}\mpengine.dll
2011-04-06 19:51 . 2011-04-06 19:52	--------	d-----w-	c:\program files\ERUNT
2011-03-24 08:08 . 2011-03-31 09:29	--------	d-----w-	c:\users\Sanne\Kopfzentrum
2011-03-22 20:07 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-03-22 20:07 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-03-22 20:07 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 15:31 . 2009-06-30 18:22	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-02 17:11 . 2009-10-02 16:55	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 12:04	638336	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 12:04	478720	----a-w-	c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 12:04	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 12:04	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 12:04	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 12:04	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 12:04	37376	----a-w-	c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 12:04	258048	----a-w-	c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 12:04	586240	----a-w-	c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 12:04	2873344	----a-w-	c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 12:04	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 12:04	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 12:04	98816	----a-w-	c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 12:04	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 12:04	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 12:04	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 12:04	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 12:04	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 12:04	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 12:04	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 12:04	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 12:04	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 12:04	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 12:04	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 12:04	683008	----a-w-	c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Sanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backupExtension=.CommonStartup
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tax aktuell.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\tax aktuell.lnk
backupExtension=.CommonStartup
backup=c:\windows\pss\tax aktuell.lnk.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24	54840	----a-w-	c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-30 07:12	13605408	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-01-30 07:12	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 14:12	1414144	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-10-02 20:00	181544	----a-w-	c:\program files\Hp\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2008-01-19 07:33	49664	----a-w-	c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07	2260480	------w-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-18 07:18	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 08:29	102400	----a-w-	c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-16 22:13	218408	------w-	c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e731643aeed8;Google Update Service (gupdate1c9e731643aeed8);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 133104]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-18 17:39]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 05:32]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 05:32]
.
2011-04-11 c:\windows\Tasks\User_Feed_Synchronization-{FB7E39A5-3F04-49DB-8777-F5CB97CA5CCE}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=HP&pf=laptop
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Sanne\AppData\Roaming\Mozilla\Firefox\Profiles\qij1m7qk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Qute Classic: {5514CFC3-D9A8-4f1a-8DF1-930EBFB59901} - %profile%\extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(444)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-11  22:14:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-11 20:13
ComboFix2.txt  2011-04-06 19:20
.
Vor Suchlauf: 13 Verzeichnis(se), 96.166.109.184 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 96.157.560.832 Bytes frei
.
- - End Of File - - C826DE198CCCD3800E70597FE0BB205D
--- --- ---

Und nun?

Alt 12.04.2011, 09:58   #12
markusg
/// Malware-holic
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


machst du onlinebanking /einkäufe oder sonst was wichtiges mit dem system?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.04.2011, 20:39   #13
Suse78
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


Online-banking? Ja. Fühlt sich irgendwie bedrohlich an, die Frage. Was heißt das denn?

Alt 13.04.2011, 10:31   #14
markusg
/// Malware-holic
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


du solltest das onlinebanking sperren lassen, und zwar umgehend.du hattest ein rootkit auf dem system, welches dem angreifer umfassende kontrolle und enderungsmöglichkeiten gegeben hatt
dies heißt
wir können nicht garantieren das wir das system sauber bekommen.
deswegen solltest du darüber nachdenken, das wir das system gemeinsam neu aufsetzen und vernünftig absichern.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.04.2011, 21:08   #15
Suse78
 
Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Standard

Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


Mensch, das ist ja unerfreulich!
Meinste echt, da könnte einer Schindluder mit meinem Kontozugang treiben?
Die format C-Nummer wollte ich eigentlich auch vermeiden. Gibt aber wohl keine andere Lösung für sichere Virenfreiheit, oder?

Antwort

Themen zu Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)
antivir, autorun, avgntflt.sys, avira, bho, document, error, excel.exe, firefox, flash player, format, hilfe!!, home, iexplore.exe, installation, intranet, java/openconnect.j, launch, location, logfile, microsoft office word, mozilla, nodrives, ntdll.dll, nvlddmkm.sys, object, oldtimer, plug-in, registry, rundll, safer networking, saver, searchplugins, security, security scan, senden, shell32.dll, software, start menu, svchost.exe, system, tr/crypt.xpack.ge, tr/crypt.xpack.gen, udp, vista


« Fehler im Hostprozess BEX-svchost.exe // Verschiedenste Fehlermeldungen | Laptop plötzlich extrem langsam »


Ähnliche Themen: Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)


  1. TR/Crypt.XPACK.Gen und EXP/JAVA.Nanube.Gen von Avira gefunden, wie kann ich sie löschen?
    Plagegeister aller Art und deren Bekämpfung - 11.11.2012 (10)
  2. TR/Crypt.XPACK.Gen und JAVA/ Sincron.frt
    Log-Analyse und Auswertung - 12.09.2012 (1)
  3. Trojaner TR/Crypt.XPACK.Gen2 und JAVA/Exdoer.BY und EXP/Sinowal.A auf dem PC
    Log-Analyse und Auswertung - 01.06.2011 (23)
  4. Trojanische Pferd TR/EyeStye.H.128 und Erkennungsmuster des Java-Virus JAVA/OpenConnect.AI gefunden!
    Plagegeister aller Art und deren Bekämpfung - 26.03.2011 (26)
  5. Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd
    Plagegeister aller Art und deren Bekämpfung - 16.03.2011 (20)
  6. Java/OpenConnect.AI was soll ich tun
    Plagegeister aller Art und deren Bekämpfung - 02.03.2011 (6)
  7. Avira hat JAVA/openConnect.AL gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.02.2011 (16)
  8. Virusfund: JAVA/OpenConnect.AI
    Plagegeister aller Art und deren Bekämpfung - 20.02.2011 (1)
  9. JAVA/OpenConnect.CF
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (9)
  10. TR/Crypt.XPACK.Gen2, TR/Spyeye.H.36 und JAVA/OpenConnect.AI
    Plagegeister aller Art und deren Bekämpfung - 04.02.2011 (28)
  11. TR/Crypt.XPACK.Gen und JAVA/Small.Y fund
    Log-Analyse und Auswertung - 01.02.2011 (7)
  12. Trojan.SpyEyes.WC , Security.Hijack TR/Crypt.XPACK.Gen , TR/Spyeye.H.36 und JAVA/OpenConnect.AI
    Plagegeister aller Art und deren Bekämpfung - 30.01.2011 (20)
  13. Java/OpenConnect.ai
    Plagegeister aller Art und deren Bekämpfung - 27.01.2011 (1)
  14. Java/OpenConnect.CF
    Plagegeister aller Art und deren Bekämpfung - 15.12.2010 (15)
  15. TR/Crypt.XPACK.Gen und JAVA/Agent.BH
    Log-Analyse und Auswertung - 30.09.2010 (3)
  16. TR/Crypt.XPACK.Gen + JAVA/Agent.M.1
    Plagegeister aller Art und deren Bekämpfung - 22.09.2010 (1)
  17. Viren - TR/Crypt.XPACK.Gen, JAVA/Clagent.H, etc
    Plagegeister aller Art und deren Bekämpfung - 19.07.2010 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) - Liebe Forumspezialisten, ich hoffe auf Eure Hilfe im Kampf gegen einen mir inzwischen sehr lästigen Mitbewohner auf meinem PC. Seit ca. einer Woche meldet mein Avira aller paar Minuten Malware-Fund. - Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J)...
Archiv
Du betrachtest: Akute Virusinfektion (TR/Crypt.XPACK.Gen, JAVA/OpenConnect.J) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19