
Pests of all kinds and how to combat them: Antivir detects TR/Crypt.ZPACK.Gen8 in WildTangent - false positive?

01.02.2014, 19:04   #1
amelia33
 

Good evening.
I scanned my laptop with Antivir today and Antivir found the following:

Beginne mit der Suche in 'C:\'
C:\ProgramData\WildTangent\d0dc6569-7b4e-4707-b589-ea594b6d8d31-extr.exe
[0] Archivtyp: NSIS
--> 1/mahjongg_artifacts.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen8
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> 1/mahjong_artifacts.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen8
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
Beginne mit der Suche in 'D:\' <RECOVERY>

For now I have put it in quarantine. I have since read here on the board that this can also be a false positive and that it is not malware. I am not having any PC problems or anything like that. What should I do?

Many thanks in advance

01.02.2014, 20:35   #2
schrauber
/// the machine
/// TB trainer
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt for me in your thread (click the # symbol in the website's input window)


01.02.2014, 21:13   #3
amelia33
 



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03
Ran by Sandra (administrator) on SANDRA-PC on 01-02-2014 21:04:29
Running from C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75CDA8PI
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Corporation) C:\Windows\System32\hpservice.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1410344 2008-12-04] (Synaptics, Inc.)
HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [450663 2009-01-08] (IDT, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2741628538-1973461827-1304568609-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-2741628538-1973461827-1304568609-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2741628538-1973461827-1304568609-1000\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
SearchScopes: HKLM - DefaultScope {EC046DEB-93A4-4CC8-A2FE-DF350C5EDEE8} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKLM - {1596A223-1D6B-4412-8AF8-14CC0EC8123C} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {9B80DB3F-9023-4269-991B-E48796920A93} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {EC046DEB-93A4-4CC8-A2FE-DF350C5EDEE8} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - {1596A223-1D6B-4412-8AF8-14CC0EC8123C} URL = 
SearchScopes: HKCU - {9B80DB3F-9023-4269-991B-E48796920A93} URL = 
SearchScopes: HKCU - {EC046DEB-93A4-4CC8-A2FE-DF350C5EDEE8} URL = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe [77824 2009-01-13] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe [237661 2009-01-08] (IDT, Inc.)
R2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
R2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [x]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-01 21:04 - 2014-02-01 21:04 - 00000000 ____D () C:\FRST
2014-02-01 21:02 - 2014-02-01 21:02 - 00001406 _____ () C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk
2014-02-01 21:02 - 2014-02-01 21:02 - 00000000 ____D () C:\Program Files\iMesh Applications
2014-01-26 12:16 - 2014-01-26 12:16 - 00001887 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-01-26 12:16 - 2014-01-26 12:16 - 00000000 ____D () C:\Program Files\Adobe
2014-01-24 16:26 - 2014-01-24 16:26 - 00081136 _____ () C:\Users\Sandra\Desktop\Speedport_W724V_01011601.00.009_24.01.14_1626.bin
2014-01-14 19:52 - 2014-01-14 20:06 - 00000000 ____D () C:\Users\Sandra\Documents\Wohnungsübergabe Januar 2014

==================== One Month Modified Files and Folders =======

2014-02-01 21:04 - 2014-02-01 21:04 - 00000000 ____D () C:\FRST
2014-02-01 21:02 - 2014-02-01 21:02 - 00001406 _____ () C:\Users\Public\Desktop\iMesh-Installation fortsetzen.lnk
2014-02-01 21:02 - 2014-02-01 21:02 - 00000000 ____D () C:\Program Files\iMesh Applications
2014-02-01 21:01 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-01 21:01 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-01 20:58 - 2013-08-20 13:54 - 01952927 _____ () C:\Windows\WindowsUpdate.log
2014-02-01 18:41 - 2009-02-26 09:42 - 00000000 ____D () C:\ProgramData\WildTangent
2014-02-01 11:33 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-01-31 20:47 - 2006-11-02 14:01 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-27 18:15 - 2009-02-26 10:17 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-27 18:14 - 2008-01-21 03:47 - 00177098 _____ () C:\Windows\PFRO.log
2014-01-26 12:16 - 2014-01-26 12:16 - 00001887 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-01-26 12:16 - 2014-01-26 12:16 - 00000000 ____D () C:\Program Files\Adobe
2014-01-26 12:16 - 2009-02-26 10:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-24 16:26 - 2014-01-24 16:26 - 00081136 _____ () C:\Users\Sandra\Desktop\Speedport_W724V_01011601.00.009_24.01.14_1626.bin
2014-01-24 06:39 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-16 20:18 - 2009-02-26 10:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 20:17 - 2013-08-20 15:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 20:12 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-14 20:06 - 2014-01-14 19:52 - 00000000 ____D () C:\Users\Sandra\Documents\Wohnungsübergabe Januar 2014
2014-01-14 19:07 - 2006-11-02 11:33 - 01445310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-03 17:41 - 2013-08-22 19:05 - 00000000 ____D () C:\Users\Sandra\Documents\Versicherungen 2013

Files to move or delete:
====================
C:\Users\Sandra\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\Sandra\AppData\Local\Temp\avgnt.exe
C:\Users\Sandra\AppData\Local\Temp\HPQSi.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-01 12:15

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2014 03
Ran by Sandra at 2014-02-01 21:05:40
Running from C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75CDA8PI
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader 9.2 - Deutsch (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (Version: 11.0 - Adobe Systems, Inc.)
AMD USB Audio Driver Filter (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
ArcSoft Panorama Maker 5 (Version: 5.0.1.25 - ArcSoft)
ArcSoft PhotoImpression (Version:  - )
Atheros Driver Installation Program (Version: 5.0 - Atheros)
ATI Catalyst Install Manager (Version: 3.0.708.0 - ATI Technologies, Inc.)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
B109n-z (Version: 130.0.396.000 - Hewlett-Packard) Hidden
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0122.1.43106 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0122.1.43106 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0122.1.43106 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0122.1.43106 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0122.1.43106 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0122.1.43106 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0122.1.43106 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0122.1.43106 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Czech (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Danish (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Dutch (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help English (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Finnish (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help French (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help German (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Greek (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Italian (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Japanese (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Korean (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Polish (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Russian (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Spanish (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Swedish (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Thai (Version: 2009.0122.0000.43106 - ATI) Hidden
CCC Help Turkish (Version: 2009.0122.0000.43106 - ATI) Hidden
ccc-core-static (Version: 2009.0122.1.43106 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0122.1.43106 - ATI) Hidden
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (Version: 6.0.2326 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2326 - CyberLink Corp.) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
ESU for Microsoft Vista (Version: 1.0.0 - Hewlett-Packard)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Active Support Library (Version: 3.1.9.1 - Hewlett-Packard)
HP Common Access Service Library (Version: 2.00 E6 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (Version: 5.7.0.2664 - Hewlett-Packard)
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Help and Support (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP MediaSmart DVD (Version: 2.1.2328 - Hewlett-Packard)
HP MediaSmart DVD (Version: 2.1.2328 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (Version: 2.1.2425 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (Version: 2.1.2425 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (Version: 2.1.7 - Hewlett-Packard)
HP MediaSmart TV (Version: 2.1.1708 - Hewlett-Packard)
HP MediaSmart TV (Version: 2.1.1708 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (Version: 2.1.1124 - Hewlett-Packard)
HP MediaSmart Webcam (Version: 2.1.1124 - Hewlett-Packard) Hidden
HP Photosmart Wireless B109n-z All-In-One Driver Software 13.0 Rel .6 (Version:  - HP)
HP Print Projects 1.0 (Version: 1.0 - HP)
HP Quick Launch Buttons 6.40 L1 (Version: 6.40 L1 - Hewlett-Packard)
HP Smart Web Printing 4.5 (Version: 4.5 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Total Care Advisor (Version: 2.4.5479.2842 - Hewlett-Packard)
HP Total Care Setup (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (Version: 4.000.013.003 - Hewlett-Packard)
HP User Guides 0126 (Version: 1.04.0000 - Hewlett-Packard)
HP Wireless Assistant (Version: 3.50 A6 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 2.0.64.3 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
IDT Audio (Version: 1.0.6087.22 - IDT)
Java 7 Update 25 (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JMicron Flash Media Controller Driver (Version: 1.00.22.05 - JMicron Technology Corp.)
LabelPrint (Version: 2.5.1118 - CyberLink Corp.)
LabelPrint (Version: 2.5.1118 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.17.1 (Version: 1.14.17.1 - LightScribe)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (Version: 1.0.0.62 - WildTangent)
MyFreeCodec (HKCU Version:  - )
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Norton Internet Security (Version: 16.0.0.125 - Symantec Corporation) Hidden
PhotoScape (Version:  - )
Power2Go (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (Version: 6.0.2325 - CyberLink Corp.) Hidden
PowerDirector (Version: 7.0.2317 - CyberLink Corp.)
PowerDirector (Version: 7.0.2317 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (Version: 3.10 A7 - Hewlett-Packard)
PS_AIO_06_B109n-z_SW_Min (Version: 130.0.396.000 - Hewlett-Packard) Hidden
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001 - Realtek)
Samsung Kies (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 13.0 - HP)
Skins (Version: 2009.0122.1.43106 - ATI) Hidden
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
SPORE Creature Creator Trial Edition (Version: 1.00.0000 - Electronic Arts)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 12.1.0.0 - Synaptics)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
VLC media player 2.0.8 (Version: 2.0.8 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Messenger (Version: 8.1.0178.00 - Microsoft Corporation)
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0 - ENE)
WinRAR 4.01 (32-Bit) (Version: 4.01.0 - win.rar GmbH)

==================== Restore Points  =========================

09-09-2013 15:38:31 Geplanter Prüfpunkt
13-09-2013 17:14:47 Windows Update
14-09-2013 14:01:41 Windows Update
19-09-2013 18:20:43 Installed Samsung Kies
21-09-2013 10:34:23 Windows Update
10-10-2013 17:43:29 Windows Update
07-11-2013 17:52:21 Geplanter Prüfpunkt
15-11-2013 16:13:25 Windows Update
23-11-2013 10:32:18 Geplanter Prüfpunkt
24-11-2013 17:35:20 Geplanter Prüfpunkt
02-12-2013 17:44:45 Geplanter Prüfpunkt
14-12-2013 11:28:08 Windows Update
15-12-2013 00:34:11 Geplanter Prüfpunkt
12-01-2014 17:38:21 Geplanter Prüfpunkt
14-01-2014 18:02:33 Geplanter Prüfpunkt
16-01-2014 19:11:30 Windows Update
19-01-2014 18:37:44 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2B10F5FD-1565-4CE9-9038-2FA22EA0C161} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F7267286-55EB-44CE-83BA-5BFED76B7D16} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

==================== Loaded Modules (whitelisted) =============

2009-01-22 01:34 - 2009-01-22 01:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-08-20 19:53 - 2011-05-28 21:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2013-10-10 18:56 - 2013-10-10 18:56 - 01924608 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\bee88fd68a7fbf826e5b13f7d8d90aca\Kies.UI.ni.dll
2013-09-19 19:28 - 2013-09-19 19:28 - 00079360 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\40e1d3d166754a0ee95587d5d7304414\Kies.MVVM.ni.dll
2013-09-19 19:28 - 2013-09-19 19:28 - 00080896 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ZipStore\3a2ea444aa16a449759bd64ef15ee047\ZipStore.ni.dll
2013-09-19 19:28 - 2013-09-19 19:28 - 00189952 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7932879d1006f45d6c5837c365ecbcf6\Kies.Common.DeviceServiceLib.Interface.ni.dll
2013-10-10 18:57 - 2013-10-10 18:57 - 00362496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\b072044f4139d59fe42fef3e9b0bcd4d\DevicePhoto.ni.dll
2013-10-10 18:57 - 2013-10-10 18:57 - 00296960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\742f94cc8e12d6f5d6f3067c379f5830\DeviceVideo.ni.dll
2013-10-10 18:57 - 2013-10-10 18:57 - 00612352 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\cfa2577a9e9acc5fe958f312a59a1c81\DevicePodcast.ni.dll
2013-09-19 19:29 - 2013-09-19 19:29 - 00307200 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\c001433d3ccb98bd9c3744d8d288d1c5\DummyStorePlugin.ni.dll
2013-09-19 19:29 - 2013-09-19 19:29 - 14972928 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\a0be2c714964d75270c37bd0e57182ee\Kies.Theme.ni.dll
2013-10-10 18:57 - 2013-10-10 18:57 - 00582144 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a87a3ef65dabe86f36798af6830b7bdc\Kies.Common.DeviceServiceLib.FileService.ni.dll
2013-09-19 19:28 - 2013-09-19 19:28 - 00046592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\129affa1c25fe7751026f37ac4441abe\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2013-10-10 18:57 - 2013-10-10 18:57 - 01002496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\0a14014a110371a0911719ec4fd24fb2\DeviceCommonLib.ni.dll
2013-09-19 19:29 - 2013-09-19 19:29 - 00232960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6c2268d21092027249488bb1b5b0b75f\ASF_cSharpAPI.ni.dll
2013-08-20 14:00 - 2013-08-20 14:00 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-29 16:34 - 2008-10-29 16:34 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: HP Photosmart Wireless B109n-z
Description: HP Photosmart Wireless B109n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Wireless B109n-z
Description: Photosmart Wireless B109n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2014 11:35:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 08:11:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 09:37:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 07:35:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 06:40:33 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/30/2014 06:36:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2014 04:39:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2014 08:59:21 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/28/2014 07:21:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2014 06:16:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/01/2014 06:32:43 PM) (Source: PlugPlayManager) (User: )
Description: Das Gerät "OHCI-konformer IEEE 1394-Hostcontroller" (PCI\VEN_197B&DEV_2380&SUBSYS_3060103C&REV_00\4&e6d5667&0&0050) wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error: (02/01/2014 06:31:42 PM) (Source: disk) (User: )
Description: Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.

Error: (02/01/2014 11:40:06 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (02/01/2014 11:35:11 AM) (Source: Service Control Manager) (User: )
Description: SRTSP
SRTSPX

Error: (02/01/2014 11:35:11 AM) (Source: Service Control Manager) (User: )
Description: Norton Internet Security%%3

Error: (02/01/2014 11:35:11 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/31/2014 08:11:01 PM) (Source: Service Control Manager) (User: )
Description: SRTSP
SRTSPX

Error: (01/31/2014 08:11:01 PM) (Source: Service Control Manager) (User: )
Description: Norton Internet Security%%3

Error: (01/31/2014 08:11:01 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (01/30/2014 09:37:53 PM) (Source: Service Control Manager) (User: )
Description: SRTSP
SRTSPX


Microsoft Office Sessions:
=========================
Error: (12/03/2013 08:06:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/03/2013 08:05:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/03/2013 08:05:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 775 seconds with 420 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-08-20 19:43:04.528
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-20 19:43:04.372
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-20 19:43:04.216
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-20 19:43:04.060
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-20 19:43:03.873
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 3068.9 MB
Available physical RAM: 1571.98 MB
Total Pagefile: 6370.31 MB
Available Pagefile: 4615.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.03 GB) (Free:145.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:11.06 GB) (Free:1.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1DD43CB8)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I hope that was done correctly, thanks for the quick reply!

02.02.2014, 07:30   #4
schrauber
/// the machine
/// TB Trainer

Why are you using Norton Internet Security AND Avira? Do you want to toast the machine?

Have the file that Antivir complained about scanned at www.virustotal.com.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

02.02.2014, 10:06   #5
amelia33

Good morning.
Norton was preinstalled on the laptop, and I actually thought I had uninstalled it completely.
Somehow I can't find the file again. I know which folder (quarantine) it is in, but I can't find that folder among my folders when I'm on virustotal.


03.02.2014, 10:39   #6
schrauber
/// the machine
/// TB Trainer

Quote:
C:\ProgramData\WildTangent\d0dc6569-7b4e-4707-b589-ea594b6d8d31-extr.exe
That's the one; you have to enable showing hidden files in the folder options.

04.02.2014, 19:39   #7
amelia33

Good evening.

Do I have to go into the "Programme" folder? And how do I get the hidden files to show?
Sorry, unfortunately I'm not that computer-savvy

05.02.2014, 12:55   #8
schrauber
/// the machine
/// TB Trainer

Control Panel > Folder Options > tick the option to show hidden files. Click Apply and OK.

Then you will also see the ProgramData folder.

05.02.2014, 18:31   #9
amelia33

okay, so far so good, I managed that

I can now see the files from "Wild Tangent"; these are games preinstalled by HP. But the alleged "virus file" is not among them, because it is in quarantine?

06.02.2014, 14:24   #10
schrauber
/// the machine
/// TB Trainer

Then release it from quarantine
