
Pests of all kinds and how to combat them: TR/crypt.xpack.gen3 on Vista in the folder c:\windows\temp\TMP....


15.10.2010, 23:28   #1
Tobi_
 



Hi, some time ago I caught the virus TR/crypt.xpack.gen3 and now I can't get rid of it.

I have already tried to remove it with OTL, but I am not 100% sure what I should enter in the fix box there.
After that, however, the virus was gone for about 2 days at first, until it showed up again..^^

Then there are often 40 detections.

I have just deleted the Temp folder again and the viruses are gone again for now...

Afterwards I ran a scan with Malwarebytes Anti-Malware, and this is the result:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4764

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

15.10.2010 23:09:33
mbam-log-2010-10-15 (23-09-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 422986
Laufzeit: 1 Stunde(n), 29 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\dir\install\install\jtdll.exe (Backdoor.SpyRat) -> Quarantined and deleted successfully.
         
And OTL:

Code:
OTL logfile created on: 15.10.2010 23:13:25 - Run 6
OTL by OldTimer - Version 3.2.14.1     Folder = c:\Users\Tobi\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 61,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,74 Gb Total Space | 352,83 Gb Free Space | 60,65% Space Free | Partition Type: NTFS
Drive D: | 14,43 Gb Total Space | 1,98 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 595,87 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOBI-PC
Current User Name: Tobi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.08 14:14:21 | 000,576,512 | ---- | M] (OldTimer Tools) -- c:\Users\Tobi\Downloads\OTL.exe
PRC - [2010.09.17 13:48:24 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010.09.17 13:48:23 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.05.27 07:31:36 | 001,287,120 | ---- | M] (PC Tools) -- C:\Desktop\Spyware Doctor\pctsTray.exe
PRC - [2010.04.19 17:04:20 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2010.04.19 17:04:20 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.04.19 17:04:20 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.24 20:18:28 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.24 20:18:28 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.03.15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Desktop\Spyware Doctor\pctsSvc.exe
PRC - [2010.03.11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Desktop\Spyware Doctor\pctsAuxs.exe
PRC - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Desktop\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.03.25 17:45:44 | 001,748,992 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
PRC - [2008.10.06 14:36:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.10.06 14:36:14 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.08 14:14:21 | 000,576,512 | ---- | M] (OldTimer Tools) -- c:\Users\Tobi\Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.02.26 07:16:18 | 000,213,912 | ---- | M] (PC Tools) -- C:\Desktop\Spyware Doctor\smum32.dll
MOD - [2009.10.30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Desktop\Spyware Doctor\PCTGMhk.dll
MOD - [2008.01.21 04:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\ezsvc7.dll -- (ezSharedSvc)
SRV:64bit: - [2010.03.16 20:50:52 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2010.09.21 15:19:28 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010.04.19 17:04:20 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.04.19 17:04:20 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.04.19 17:04:20 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.24 20:18:28 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.16 20:51:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Desktop\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Desktop\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.02.24 15:12:45 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Desktop\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.08.24 13:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008.10.06 14:36:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.02.29 02:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pfc.sys -- (pfc)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\NSNDIS5.SYS -- (NSNDIS5)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010.03.29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010.03.24 20:18:28 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.03.24 20:18:28 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.01.13 10:30:00 | 000,560,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WN111v2x.sys -- (WN111v2)
DRV:64bit: - [2008.10.06 15:18:02 | 000,405,528 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008.10.01 16:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008.08.06 18:26:08 | 000,174,592 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2006.11.28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006.11.28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2006.11.02 09:48:50 | 000,326,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ati2mpad.sys -- (ati2mpad)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008.09.26 03:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.10 03:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2004.03.24 04:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\nsndis5.sys -- (NSNDIS5)
DRV - [2003.11.07 01:41:54 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Free Lunch Design Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}:2.7.2.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.12304
FF - prefs.js..keyword.URL: "hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66022&qkw="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\firefox\ [2009.08.19 12:58:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.17 13:48:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.17 13:48:25 | 000,000,000 | ---D | M]
 
[2009.02.18 20:01:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2010.10.14 23:38:02 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions
[2010.04.27 17:11:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.23 15:23:59 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010.08.28 11:06:31 | 000,000,000 | ---D | M] (Free Lunch Design Toolbar) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
[2010.02.17 18:19:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.08.23 15:23:59 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2009.10.13 09:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009.10.19 14:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010.08.18 00:03:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.27 23:57:14 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.04.09 15:42:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.04.03 11:50:54 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.09.29 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\staged-xpis
[2010.10.14 17:28:05 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ye66hd8m.default\extensions\toolbar@ask.com
[2009.08.01 22:54:07 | 000,000,681 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\ask.xml
[2010.01.20 12:14:04 | 000,000,937 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\conduit.xml
[2009.09.12 18:35:48 | 000,002,272 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\google-und-download-suche.xml
[2010.10.10 17:21:04 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin-1.xml
[2009.12.17 08:12:31 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin-10.xml
[2010.01.06 21:55:44 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin-11.xml
[2009.03.29 12:25:29 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin-2.xml
[2009.04.04 18:06:50 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin-3.xml
[2009.05.03 13:41:08 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin-4.xml
[2009.06.12 17:42:35 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin-5.xml
[2009.08.01 22:57:21 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin-6.xml
[2009.08.06 13:48:17 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin-7.xml
[2009.09.10 18:42:05 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin-8.xml
[2009.10.29 19:50:47 | 000,000,950 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin-9.xml
[2009.03.01 14:02:44 | 000,000,944 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\ye66hd8m.default\searchplugins\icqplugin.xml
[2010.10.08 18:05:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.03.04 17:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.12 09:22:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.20 11:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.02.25 15:17:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2010.02.25 15:17:10 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.02.25 15:17:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.02.25 15:17:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.02.25 15:17:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.15 21:11:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Desktop\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Desktop\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Desktop\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISTray] C:\Desktop\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [StoppUhr]  File not found
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{084e1733-a073-11de-bbda-001c4af4a3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{084e1733-a073-11de-bbda-001c4af4a3a6}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0c80659d-cbaa-11df-ace6-9714d33ba5c6}\Shell - "" = AutoRun
O33 - MountPoints2\{0c80659d-cbaa-11df-ace6-9714d33ba5c6}\Shell\AutoRun\command - "" = K:\pushinst.exe -- File not found
O33 - MountPoints2\{c239de22-fde1-11dd-8794-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c239de22-fde1-11dd-8794-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.14 14:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010.10.14 14:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010.10.14 14:12:41 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\BitTorrent
[2010.10.13 19:23:45 | 001,915,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.10.13 19:23:44 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.10.13 19:23:44 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.10.13 19:23:43 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.10.13 19:23:43 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.10.13 19:23:41 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.10.13 19:23:39 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2010.10.13 19:23:39 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010.10.13 19:23:32 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.13 19:23:31 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.10.13 19:23:31 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.13 19:23:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.13 19:23:31 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.13 19:23:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.13 19:23:31 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.13 19:23:31 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.13 19:23:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.13 19:23:30 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.10.13 19:23:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.10.13 19:23:30 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.13 19:23:30 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.10.13 19:23:30 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.13 19:23:30 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.10.13 19:23:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.13 19:23:30 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.10.13 19:23:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.10.13 19:23:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.10.13 19:23:30 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.10.13 19:23:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.13 19:23:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.10.13 19:23:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.10.13 19:23:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.10.13 19:23:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.10.13 19:23:29 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.10.13 19:23:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.10.13 19:23:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.10.13 19:23:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.10.13 19:23:22 | 013,426,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.10.13 19:23:20 | 010,627,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.10.13 19:23:18 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.10.13 19:23:18 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.10.13 19:23:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010.10.13 19:23:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2010.10.13 19:23:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sscore.dll
[2010.10.13 19:23:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.10.13 19:23:00 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.10.13 19:23:00 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.10.09 17:29:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.10.08 14:02:18 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010.10.08 13:55:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.07 07:39:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.09.30 16:54:28 | 000,000,000 | ---D | C] -- C:\Windows\PokerGirls Video Strip Poker v3
[2010.09.29 15:06:38 | 000,043,328 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCAMp50a64.sys
[2010.09.29 15:06:38 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCASp50a64.sys
[2010.09.29 15:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2010.09.29 15:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGEAR
[2010.09.29 15:04:29 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010.09.29 14:22:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVM_update
[2010.09.16 07:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.15 23:13:21 | 002,883,584 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat
[2010.10.15 21:23:17 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.15 21:23:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.15 21:23:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.15 21:23:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.15 21:21:37 | 000,524,288 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat{a5d8b8f3-cdf7-11df-90cc-a235012ad102}.TMContainer00000000000000000001.regtrans-ms
[2010.10.15 21:21:37 | 000,065,536 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat{a5d8b8f3-cdf7-11df-90cc-a235012ad102}.TM.blf
[2010.10.15 21:20:59 | 003,309,556 | -H-- | M] () -- C:\Users\Tobi\AppData\Local\IconCache.db
[2010.10.15 21:11:34 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.10.15 18:03:21 | 000,000,504 | ---- | M] () -- C:\Users\Tobi\Desktop\World of Warcraft.lnk
[2010.10.15 13:06:06 | 000,000,000 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.10.14 14:13:49 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010.10.14 14:08:31 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.10.14 11:47:33 | 002,954,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.08 18:11:29 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.08 14:09:55 | 000,000,680 | ---- | M] () -- C:\Users\Tobi\AppData\Local\d3d9caps.dat
[2010.10.08 13:57:48 | 000,084,944 | ---- | M] () -- C:\Users\Tobi\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.10.07 07:42:19 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.06 06:57:27 | 000,000,312 | ---- | M] () -- C:\Users\Tobi\Desktop\Curse Client.appref-ms
[2010.10.02 23:16:53 | 000,524,288 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat{a5d8b8f3-cdf7-11df-90cc-a235012ad102}.TMContainer00000000000000000002.regtrans-ms
[2010.10.02 00:37:45 | 000,524,288 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat{5abe3ef3-9d4f-11de-bc3d-001c4af4a3a6}.TMContainer00000000000000000001.regtrans-ms
[2010.10.02 00:37:45 | 000,065,536 | -HS- | M] () -- C:\Users\Tobi\ntuser.dat{5abe3ef3-9d4f-11de-bc3d-001c4af4a3a6}.TM.blf
[2010.09.29 15:41:45 | 000,190,464 | ---- | M] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.29 15:05:33 | 000,001,900 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Setup-Assistent.lnk
[2010.09.29 15:05:33 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WN111v2 Setup-Assistent.lnk
[2010.09.29 14:30:52 | 001,457,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.29 14:30:52 | 000,638,198 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.09.29 14:30:52 | 000,591,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.29 14:30:52 | 000,129,900 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.09.29 14:30:52 | 000,107,300 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.29 11:15:59 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
 
========== Files Created - No Company Name ==========
 
[2010.10.15 13:06:06 | 000,000,000 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.10.14 14:13:49 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010.10.08 18:11:28 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.07 07:42:19 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.02 09:36:10 | 000,524,288 | -HS- | C] () -- C:\Users\Tobi\ntuser.dat{a5d8b8f3-cdf7-11df-90cc-a235012ad102}.TMContainer00000000000000000002.regtrans-ms
[2010.10.02 09:36:10 | 000,524,288 | -HS- | C] () -- C:\Users\Tobi\ntuser.dat{a5d8b8f3-cdf7-11df-90cc-a235012ad102}.TMContainer00000000000000000001.regtrans-ms
[2010.10.02 09:36:10 | 000,065,536 | -HS- | C] () -- C:\Users\Tobi\ntuser.dat{a5d8b8f3-cdf7-11df-90cc-a235012ad102}.TM.blf
[2010.09.29 15:05:33 | 000,001,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Setup-Assistent.lnk
[2010.09.29 15:05:33 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WN111v2 Setup-Assistent.lnk
[2010.07.06 17:41:45 | 000,000,686 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\myMPQ.ini
[2010.06.28 21:47:17 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys
[2010.05.10 14:49:18 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010.05.10 14:49:18 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.05.10 14:48:50 | 000,010,598 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_vcredistUI3EB3.txt
[2010.05.10 14:48:49 | 000,362,612 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_vcredistMSI3EB0.txt
[2010.05.10 14:48:49 | 000,011,202 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_vcredistUI3EB0.txt
[2010.03.27 23:19:23 | 000,594,166 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2010.03.27 23:19:21 | 000,574,126 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_dotnetfx35install.txt
[2010.03.27 23:19:21 | 000,006,870 | ---- | C] () -- C:\Users\Tobi\AppData\Local\uxeventlog.txt
[2010.03.27 23:19:21 | 000,000,002 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_dotnetfx35error.txt
[2010.03.09 21:41:08 | 000,000,108 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\wklnhst.dat
[2010.01.27 15:29:53 | 000,000,680 | ---- | C] () -- C:\Users\Tobi\AppData\Local\d3d9caps.dat
[2009.09.18 18:03:08 | 000,367,372 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_vcredistMSI684B.txt
[2009.09.18 18:03:08 | 000,011,200 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_vcredistUI684B.txt
[2009.09.17 07:18:48 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.17 07:18:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.08.01 17:12:13 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.04.22 18:15:40 | 000,331,154 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_vcredistMSI780F.txt
[2009.04.22 18:15:39 | 000,021,102 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_vcredistUI780F.txt
[2009.04.22 18:02:24 | 000,414,178 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_vcredistMSI6DEB.txt
[2009.04.22 18:02:24 | 000,017,338 | ---- | C] () -- C:\Users\Tobi\AppData\Local\dd_vcredistUI6DEB.txt
[2009.02.19 15:42:45 | 000,190,464 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.18 19:48:09 | 000,000,732 | ---- | C] () -- C:\Users\Tobi\AppData\Local\d3d9caps64.dat
[2009.01.07 21:17:17 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009.01.07 21:17:17 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.05.15 00:02:36 | 007,765,533 | ---- | C] () -- C:\Windows\SysWow64\winavcode1.dll
[2005.01.19 18:23:28 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\winavcode3.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
         

I've left everything as it is for now and haven't changed anything.

I'm hoping for help, and if you need more information, tell me what I can do ^^ Thanks in advance. :-)

Regards, Tobi

Alt 17.10.2010, 15:33   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



The XPACK detections in the temp folder are harmless; they come from SpywareDoctor, and AntiVir wrongly flags them as malware => TR/Crypt.XPACK.Gen3 - Ich werde ihn nicht mehr los - Viren und andere Sicherheitsrisiken - Avira Support Forum

Quote:
Datenbank Version: 4764
You didn't update Malwarebytes beforehand. Please update it and run a full scan.

Alt 17.10.2010, 16:08   #3
Tobi_
 



OK, thanks a lot, Cosinus.

So everything will sort itself out if I uninstall Spywaredoctor?
It's annoying every time, when Antivir reports 10 new detections to me every 3 seconds...

The Malwarebytes log is coming shortly..

Alt 17.10.2010, 16:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



You can wait until this has been fixed, or simply uninstall SpywareDoctor.

Alt 17.10.2010, 16:29   #5
Tobi_
 



Wait for the Avira update that fixes this? How long can that take?

Regards


Alt 17.10.2010, 16:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Quote from Tobi_
Wait for the Avira update that fixes this? How long can that take?
How should I know?
I don't work at AntiVir, after all. Try asking their support.

Alt 17.10.2010, 16:40   #7
Tobi_
 



OK, I'm a bit unsure whether I want to uninstall Spyware Doctor. ^^

But at least, thanks to you, I now know that it's nothing dangerous.

Many thanks, Cosinus, I'll recommend you to others.

Alt 17.10.2010, 16:40   #8
Tobi_
 



Oh, and Malwarebytes still needs about 1 hour ^^

Alt 17.10.2010, 17:58   #9
Tobi_
 



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4861

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

17.10.2010 17:58:01
mbam-log-2010-10-17 (17-58-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 407932
Laufzeit: 1 Stunde(n), 26 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\dir\install\install\jtdll.exe (Backdoor.SpyRat) -> Quarantined and deleted successfully.
         
