Hi everyone!
This is my first post here, and I hope I'll get advice as friendly as everyone else here does.
I just ran an AntiVir scan after the Windows Malicious Software Removal Tool (December 2011) claimed to have detected the following trojan: TR/Crypt.EPACK.Gen2
I've attached my Avira log file.
Thanks a lot for your help
________________________________________________________________
Quote:
Avira AntiVir Personal
Report file date: Donnerstag, 15. Dezember 2011 15:53
Scanning for 3579985 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PB-ANDREAS
Version information:
BUILD.DAT : 10.2.0.704 35934 Bytes 28.09.2011 13:34:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 01.08.2011 16:07:11
AVSCAN.DLL : 10.0.5.0 47464 Bytes 01.08.2011 16:07:11
LUKE.DLL : 10.3.0.5 45416 Bytes 01.08.2011 16:07:11
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.02.2010 22:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 01.08.2011 16:07:11
AVREG.DLL : 10.3.0.9 88833 Bytes 01.08.2011 16:07:11
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 05:53:55
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 05:53:56
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 10:36:57
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 15:54:29
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 21:24:16
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 11:00:34
VBASE008.VDF : 7.11.18.32 2132992 Bytes 24.11.2011 17:00:57
VBASE009.VDF : 7.11.18.33 2048 Bytes 24.11.2011 17:03:54
VBASE010.VDF : 7.11.18.34 2048 Bytes 24.11.2011 17:03:54
VBASE011.VDF : 7.11.18.35 2048 Bytes 24.11.2011 17:03:54
VBASE012.VDF : 7.11.18.36 2048 Bytes 24.11.2011 17:03:54
VBASE013.VDF : 7.11.18.89 204800 Bytes 28.11.2011 16:31:56
VBASE014.VDF : 7.11.18.145 143872 Bytes 01.12.2011 15:32:24
VBASE015.VDF : 7.11.18.180 173056 Bytes 02.12.2011 21:15:48
VBASE016.VDF : 7.11.18.208 164864 Bytes 05.12.2011 16:30:51
VBASE017.VDF : 7.11.18.239 177152 Bytes 06.12.2011 15:18:33
VBASE018.VDF : 7.11.19.36 171520 Bytes 09.12.2011 12:48:41
VBASE019.VDF : 7.11.19.77 144896 Bytes 13.12.2011 19:34:47
VBASE020.VDF : 7.11.19.115 177664 Bytes 15.12.2011 14:53:11
VBASE021.VDF : 7.11.19.116 2048 Bytes 15.12.2011 14:53:11
VBASE022.VDF : 7.11.19.117 2048 Bytes 15.12.2011 14:53:11
VBASE023.VDF : 7.11.19.118 2048 Bytes 15.12.2011 14:53:11
VBASE024.VDF : 7.11.19.119 2048 Bytes 15.12.2011 14:53:11
VBASE025.VDF : 7.11.19.120 2048 Bytes 15.12.2011 14:53:11
VBASE026.VDF : 7.11.19.121 2048 Bytes 15.12.2011 14:53:11
VBASE027.VDF : 7.11.19.122 2048 Bytes 15.12.2011 14:53:11
VBASE028.VDF : 7.11.19.123 2048 Bytes 15.12.2011 14:53:11
VBASE029.VDF : 7.11.19.124 2048 Bytes 15.12.2011 14:53:11
VBASE030.VDF : 7.11.19.125 2048 Bytes 15.12.2011 14:53:11
VBASE031.VDF : 7.11.19.131 73728 Bytes 15.12.2011 14:53:12
Engineversion : 8.2.8.2
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 15:38:45
AESCRIPT.DLL : 8.1.3.90 491899 Bytes 09.12.2011 12:51:33
AESCN.DLL : 8.1.7.2 127349 Bytes 21.04.2011 05:53:27
AESBX.DLL : 8.2.4.5 434549 Bytes 01.12.2011 16:34:25
AERDL.DLL : 8.1.9.15 639348 Bytes 13.09.2011 15:31:38
AEPACK.DLL : 8.2.15.1 770423 Bytes 13.12.2011 19:34:51
AEOFFICE.DLL : 8.1.2.23 201083 Bytes 13.12.2011 19:34:49
AEHEUR.DLL : 8.1.3.6 3895670 Bytes 09.12.2011 12:50:51
AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 15:38:13
AEGEN.DLL : 8.1.5.17 405877 Bytes 09.12.2011 12:49:04
AEEMU.DLL : 8.1.3.0 393589 Bytes 21.04.2011 05:53:14
AECORE.DLL : 8.1.24.0 196983 Bytes 25.10.2011 15:38:12
AEBB.DLL : 8.1.1.0 53618 Bytes 21.04.2011 05:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 05:53:36
AVPREF.DLL : 10.0.3.2 44904 Bytes 01.08.2011 16:07:11
AVREP.DLL : 10.0.0.10 174120 Bytes 01.08.2011 16:07:11
AVARKT.DLL : 10.0.26.1 255336 Bytes 01.08.2011 16:07:10
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 01.08.2011 16:07:10
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.04.2011 05:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 21.04.2011 05:53:46
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 01.08.2011 16:07:10
RCTEXT.DLL : 10.0.64.0 97640 Bytes 01.08.2011 16:07:10
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced
Start of the scan: Donnerstag, 15. Dezember 2011 15:53
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanServer\Linkage\bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanServer\Linkage\route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanServer\Linkage\export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanWorkstation\Linkage\bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanWorkstation\Linkage\route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\LanmanWorkstation\Linkage\export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBIOS\Linkage\bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBIOS\Linkage\route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBIOS\Linkage\export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBT\Linkage\bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBT\Linkage\route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\NetBT\Linkage\export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\Smb\Linkage\bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\Smb\Linkage\route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\Smb\Linkage\export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\TCPIP6\Linkage\bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\TCPIP6\Linkage\route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\services\TCPIP6\Linkage\export
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'plugin-container.exe' - '73' Module(s) have been scanned
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'firefox.exe' - '101' Module(s) have been scanned
Scan process 'thunderbird.exe' - '104' Module(s) have been scanned
Scan process 'UNS.exe' - '54' Module(s) have been scanned
Scan process 'LMworker.exe' - '22' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '71' Module(s) have been scanned
Scan process 'avgnt.exe' - '65' Module(s) have been scanned
Scan process 'LManager.exe' - '66' Module(s) have been scanned
Scan process 'Dropbox.exe' - '70' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '54' Module(s) have been scanned
Scan process 'PLFSetI.exe' - '37' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '44' Module(s) have been scanned
Scan process 'UpdaterService.exe' - '23' Module(s) have been scanned
Scan process 'ImpWiFiSvc.exe' - '23' Module(s) have been scanned
Scan process 'rfx-server.exe' - '66' Module(s) have been scanned
Scan process 'IScheduleSvc.exe' - '61' Module(s) have been scanned
Scan process 'NBService.exe' - '51' Module(s) have been scanned
Scan process 'LMS.exe' - '29' Module(s) have been scanned
Scan process 'GregHSRW.exe' - '24' Module(s) have been scanned
Scan process 'dsiwmis.exe' - '40' Module(s) have been scanned
Scan process 'cvpnd.exe' - '50' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '36' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '50' Module(s) have been scanned
Scan process 'avguard.exe' - '66' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '28' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '811' files ).
Starting the file scan:
Begin scan in 'C:\' <Packard Bell>
C:\Users\Andreas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RK7N9MED\Firefox%20Setup%205.0.1[1].exe
--> Object
[WARNING] The file could not be read!
[WARNING] The file could not be read!
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\686f1a46-5a2c1ee3
[0] Archive type: ZIP
--> v1.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.GA exploit
C:\Users\Andreas\AppData\Roaming\appconf32.exe
[DETECTION] Is the TR/Crypt.EPACK.Gen2 Trojan
Beginning disinfection:
C:\Users\Andreas\AppData\Roaming\appconf32.exe
[DETECTION] Is the TR/Crypt.EPACK.Gen2 Trojan
[NOTE] The file was deleted!
C:\Users\Andreas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\686f1a46-5a2c1ee3
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-0840.GA exploit
[NOTE] The file was deleted!
End of the scan: Donnerstag, 15. Dezember 2011 17:11
Used time: 1:14:03 Hour(s)
The scan has been done completely.
30284 Scanned directories
637978 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
2 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
637976 Files not concerned
3949 Archives were scanned
2 Warnings
23 Notes
437284 Objects were scanned with rootkit scan
21 Hidden objects were found