Log analysis and evaluation: "TR/Crypt.XPACK.Gen" (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.11.2010, 13:40 | #1
"TR/Crypt.XPACK.Gen"
Hello! As the thread title already shows, Avira tells me that my laptop is infected with the trojan(?) "TR/Crypt.XPACK.Gen". The infected file is supposed to be C:\Users\NameXY\AppData\Local\Temp\EADC225.exe. When I click remove, it tells me that it doesn't work! Please help!
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:25:38, on 17.11.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\BisonCam\BisonAPP.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Athan\Athan.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Windows\SysWOW64\mfpmp.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613802 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet 
Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Athan] "C:\Program Files (x86)\Athan\Athan.exe" O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - 
HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7588 bytes
Thanks!
17.11.2010, 19:49 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | "TR/Crypt.XPACK.Gen"
Hello,
I recently had detections of these EADC files in the Temp folder in another case here too; they turned out to be a false positive. Still, as a routine measure, run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well! After that, OTL: System scan with OTL. Please download OTL from Oldtimer and save it to your desktop
17.11.2010, 20:25 | #3
"TR/Crypt.XPACK.Gen"
Many thanks for now!
The MBAM scan is running, 11 infected files so far. I just wanted to note that Avira just raised a new alert: C:\Users\XY\AppData\Local\Temp\EADFE2C.exe is supposedly infected as well. Regards
17.11.2010, 21:17 | #4
"TR/Crypt.XPACK.Gen"
Here are the results from MBAM. Quote:
17.11.2010, 21:39 | #5
"TR/Crypt.XPACK.Gen"
OTL logfile:
Code:
ATTFilter OTL logfile created on: 17.11.2010 21:20:58 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\XY\Downloads 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 74,61 Gb Free Space | 32,04% Space Free | Partition Type: NTFS Drive D: | 310,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: XY-PC | User Name: XY | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XY\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) 
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\XY\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) 
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (Cam5603D) -- C:\Windows\SysNative\Drivers\BisonCam.sys (Bison Electronics. Inc. 
) DRV:64bit: - (smscirrx64) -- C:\Windows\SysNative\DRIVERS\smscirrx64.sys (SMSC) DRV:64bit: - (WINIO) -- C:\Windows\SysNative\WinIo.sys (hxxp://www.internals.com) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613802 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613802&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {6813e189-51e7-4d89-a90d-b9c53f2119bb}:2.7.1.3 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.29 18:42:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.29 18:42:05 | 000,000,000 | ---D | M] [2010.06.26 20:43:42 | 000,000,000 | ---D | M] -- C:\Users\XY\AppData\Roaming\mozilla\Extensions [2010.11.17 12:51:24 | 000,000,000 | ---D | M] -- 
C:\Users\XY\AppData\Roaming\mozilla\Firefox\Profiles\hcid4f9c.default\extensions [2010.09.28 22:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XY\AppData\Roaming\mozilla\Firefox\Profiles\hcid4f9c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.11.16 22:12:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\XY\AppData\Roaming\mozilla\Firefox\Profiles\hcid4f9c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.06.08 10:51:52 | 000,000,947 | ---- | M] () -- C:\Users\XY\AppData\Roaming\Mozilla\FireFox\Profiles\hcid4f9c.default\searchplugins\conduit.xml [2010.11.16 19:41:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.10.02 16:38:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.02 16:38:42 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.10.02 16:38:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.02 16:38:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.02 16:38:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.) O4:64bit: - HKLM..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.) 
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [PowerManager] C:\Program Files (x86)\Power Manager\PM.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002.07.31 17:32:03 | 000,000,971 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\aoesetup.exe -- [2002.07.31 17:32:03 | 000,585,790 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\directx\command - "" = D:\DIRECTX\DXSETUP.EXE -- [2002.07.31 17:32:03 | 000,096,768 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dplay\command - "" = D:\DIRECTX\DPLAY61A.EXE -- [2002.07.31 17:32:03 | 000,485,600 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxdiag\command - "" = D:\GOODIES\AR40DEU.EXE -- [2002.07.31 17:32:03 | 005,994,880 | R--- | M] (InstallShield Software Corporation) O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxinfo\command - "" = D:\GOODIES\DIRECTX\DXINFO.EXE -- [2002.07.31 17:32:03 | 000,299,520 | R--- | M] (Microsoft Corp.) 
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxtest\command - "" = D:\DIRECTX\DXDIAG.EXE -- [2002.07.31 17:32:03 | 001,253,648 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxtool\command - "" = D:\GOODIES\DIRECTX\DXTOOL.EXE -- [2002.07.31 17:32:03 | 000,033,280 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\log\command - "" = D:\goodies\machine\machine.exe -- [2002.07.31 17:32:03 | 000,208,896 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\machine\command - "" = D:\GOODIES\MACHINE\MACHINE.EXE -- [2002.07.31 17:32:03 | 000,208,896 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\setup\command - "" = D:\aoesetup.exe -- [2002.07.31 17:32:03 | 000,585,790 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\zone\command - "" = D:\GOODIES\MSZONE\ZONEA600.EXE -- [2002.07.31 17:32:03 | 006,753,985 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.17 20:06:23 | 000,000,000 | ---D | C] -- C:\Users\XY\AppData\Roaming\Malwarebytes [2010.11.17 20:06:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.11.17 20:06:11 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.11.17 20:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.17 
20:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.11.17 13:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.11.16 19:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2010.11.16 19:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2010.11.16 16:46:12 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Neuer Ordner [2010.11.14 21:45:32 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Dortmund [2010.11.11 12:44:28 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Linn Krefeld [2010.11.09 16:59:10 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Nermin Yeni Fotograflar [2010.11.07 21:55:06 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Schloss Hülchrath [2010.11.07 20:55:19 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Neuss [2010.11.07 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Wuppertal [2010.11.04 11:17:31 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Augsburg Sonbahar [2010.11.04 11:17:14 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Augsburg [2010.11.03 22:59:11 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Strazburg [2010.11.03 22:58:48 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\BadenBaden [2010.11.01 21:05:32 | 000,000,000 | ---D | C] -- C:\Users\XY\Documents\Meine empfangenen Dateien [2010.10.27 08:40:37 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2010.10.27 08:40:36 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2010.10.27 08:40:33 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll [2010.10.27 08:40:33 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll [2010.10.27 08:40:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll [2010.10.27 08:40:32 | 004,240,384 | ---- | C] (Microsoft) -- 
C:\Windows\SysNative\GameUXLegacyGDFs.dll [2010.10.26 17:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2010.10.26 15:45:03 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Sonbahar [2010.10.25 16:00:32 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Krefeld [2010.10.25 07:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010.10.25 07:58:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64 [2010.10.25 07:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan [2010.10.25 07:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.10.25 07:58:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022 [2010.10.25 07:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.10.25 07:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2010.10.24 21:11:13 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Krefeld Ev [2010.10.24 15:26:57 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Frankfurt [2010.10.24 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Bad Nauheim [2010.10.22 09:44:55 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\geschihten [2010.10.20 16:01:48 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Mettmann [2010.10.20 12:30:07 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Nermin Eski Fotograflar ========== Files - Modified Within 30 Days ========== [2010.11.17 21:18:22 | 001,472,576 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.11.17 21:18:22 | 000,638,344 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.11.17 21:18:22 | 000,604,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.11.17 21:18:22 | 000,131,514 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.11.17 21:18:22 | 000,107,958 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.11.17 21:13:11 | 000,027,715 | ---- | M] () -- C:\Users\XY\AppData\Roaming\nvModes.001 [2010.11.17 
21:12:30 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.17 21:12:30 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.17 21:12:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.17 21:10:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.11.17 20:06:16 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.17 19:30:59 | 000,022,038 | ---- | M] () -- C:\Windows\KernelMessage [2010.11.17 13:25:22 | 000,002,567 | ---- | M] () -- C:\Users\XY\Desktop\HiJackThis.lnk [2010.11.16 22:18:32 | 000,004,991 | ---- | M] () -- C:\Users\XY\Documents\koln111.rtf [2010.11.16 20:57:15 | 000,000,506 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for XY.job [2010.11.15 22:30:16 | 000,005,149 | ---- | M] () -- C:\Users\XY\Documents\koln11.rtf [2010.11.14 19:42:22 | 001,671,381 | ---- | M] () -- C:\Users\XY\Desktop\klassischeBuecher_und_Gelehrte.pdf [2010.11.14 11:42:48 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job [2010.11.13 11:33:01 | 000,009,787 | ---- | M] () -- C:\Users\XY\Documents\Dortmund.rtf [2010.11.13 00:10:14 | 000,001,554 | ---- | M] () -- C:\Users\XY\Documents\dusseldorf.rtf [2010.11.10 14:42:24 | 000,010,193 | ---- | M] () -- C:\Users\XY\Documents\koln1.rtf [2010.11.09 17:05:52 | 000,018,944 | ---- | M] () -- C:\Users\XY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.08 11:24:40 | 000,001,420 | ---- | M] () -- C:\Users\XY\Documents\katedral.rtf [2010.11.07 20:15:14 | 000,173,618 | ---- | M] () -- C:\Users\XY\Desktop\yad allahs.pdf [2010.11.07 17:12:23 | 000,027,715 | ---- | M] () -- C:\Users\XY\AppData\Roaming\nvModes.dat [2010.11.03 07:17:42 | 000,081,584 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.11.02 22:57:01 | 
000,059,771 | ---- | M] () -- C:\Users\XY\Desktop\62396_439662678092_193073658092_5513689_3304719_n.jpg [2010.11.01 17:36:43 | 000,106,974 | ---- | M] () -- C:\Users\XY\Desktop\236_MuhammadibnAbdulWahab.pdf [2010.11.01 17:28:04 | 000,289,750 | ---- | M] () -- C:\Users\XY\Desktop\dhikr.pdf [2010.11.01 16:12:22 | 000,002,423 | ---- | M] () -- C:\Users\XY\Desktop\Hadith.rtf [2010.10.30 22:10:28 | 000,000,192 | ---- | M] () -- C:\Users\XY\Documents\muze.rtf [2010.10.30 11:25:39 | 000,003,523 | ---- | M] () -- C:\Users\XY\Documents\Strasburg.rtf [2010.10.25 07:58:16 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2010.10.25 07:58:13 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini ========== Files Created - No Company Name ========== [2010.11.17 20:06:16 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.17 13:23:55 | 000,002,567 | ---- | C] () -- C:\Users\XY\Desktop\HiJackThis.lnk [2010.11.15 23:32:00 | 000,004,991 | ---- | C] () -- C:\Users\XY\Documents\koln111.rtf [2010.11.14 19:42:22 | 001,671,381 | ---- | C] () -- C:\Users\XY\Desktop\klassischeBuecher_und_Gelehrte.pdf [2010.11.14 11:42:47 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job [2010.11.12 23:09:44 | 000,001,554 | ---- | C] () -- C:\Users\XY\Documents\dusseldorf.rtf [2010.11.11 14:56:21 | 000,009,787 | ---- | C] () -- C:\Users\XY\Documents\Dortmund.rtf [2010.11.10 14:42:41 | 000,005,149 | ---- | C] () -- C:\Users\XY\Documents\koln11.rtf [2010.11.08 11:26:49 | 000,010,193 | ---- | C] () -- C:\Users\XY\Documents\koln1.rtf [2010.11.07 20:15:14 | 000,173,618 | ---- | C] () -- C:\Users\XY\Desktop\yad allahs.pdf [2010.11.02 22:56:59 | 000,059,771 | ---- | C] () -- C:\Users\XY\Desktop\62396_439662678092_193073658092_5513689_3304719_n.jpg [2010.11.01 17:36:43 | 000,106,974 | ---- | C] () -- C:\Users\XY\Desktop\236_MuhammadibnAbdulWahab.pdf [2010.11.01 17:28:04 | 
000,289,750 | ---- | C] () -- C:\Users\XY\Desktop\dhikr.pdf [2010.11.01 16:12:22 | 000,002,423 | ---- | C] () -- C:\Users\XY\Desktop\Hadith.rtf [2010.10.30 22:10:28 | 000,000,192 | ---- | C] () -- C:\Users\XY\Documents\muze.rtf [2010.10.30 07:34:12 | 000,003,523 | ---- | C] () -- C:\Users\XY\Documents\Strasburg.rtf [2010.10.27 21:47:47 | 000,001,420 | ---- | C] () -- C:\Users\XY\Documents\katedral.rtf [2010.10.25 07:58:17 | 000,000,506 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for XY.job [2010.10.25 07:58:16 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2010.10.25 07:58:13 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini [2010.09.29 11:12:41 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll [2010.09.29 11:12:41 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.09.29 11:12:41 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.07.10 21:39:11 | 000,023,413 | ---- | C] () -- C:\Users\XY\AppData\Roaming\__t.bin [2010.06.28 14:04:35 | 000,002,479 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.06.27 20:22:40 | 000,018,944 | ---- | C] () -- C:\Users\XY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.26 20:19:53 | 000,443,528 | ---- | C] () -- C:\Users\XY\AppData\Local\dd_vcredistMSI4240.txt [2010.06.26 20:19:53 | 000,013,978 | ---- | C] () -- C:\Users\XY\AppData\Local\dd_vcredistUI4240.txt [2010.06.26 14:50:15 | 000,027,715 | ---- | C] () -- C:\Users\XY\AppData\Roaming\nvModes.001 [2010.06.26 14:50:12 | 000,027,715 | ---- | C] () -- C:\Users\XY\AppData\Roaming\nvModes.dat [2010.06.26 14:35:58 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini [2010.06.26 14:26:27 | 000,000,680 | ---- | C] () -- C:\Users\XY\AppData\Local\d3d9caps.dat [2010.06.26 14:22:44 | 000,000,732 | ---- | C] () -- C:\Users\XY\AppData\Local\d3d9caps64.dat [2009.04.11 17:24:20 | 000,368,640 | ---- | C] () -- 
C:\Windows\SysWow64\msjetoledb40.dll [2009.04.11 17:23:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2008.01.21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2002.07.31 17:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll [2001.02.15 19:43:14 | 000,143,447 | ---- | C] () -- C:\Windows\SysWow64\DispLayline.dll [1999.11.16 10:57:08 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\Comdll32.DLL < End of report > |
17.11.2010, 21:44 | #6 |
| "TR/Crypt.XPACK.Gen" OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.11.2010 21:20:58 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\XY\Downloads 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 74,61 Gb Free Space | 32,04% Space Free | Partition Type: NTFS Drive D: | 310,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: XY-PC | User Name: XY | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] "VistaSp2" = 00 AF B5 BE C4 BA C9 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{081C5A19-38F1-4CDB-BA5E-994FC047FE39}" = rport=445 | protocol=6 | dir=out | app=system | "{13377F9F-7E79-4CAC-B709-F0FFC4E2A101}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3FEB6D93-25F3-4CEC-985E-9861D7023247}" = lport=137 | protocol=17 | dir=in | app=system | "{5E6407F6-0799-48DF-A3F5-21213B031D9B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6125BFEB-65F3-45B1-8606-363984EC97C5}" = lport=138 | protocol=17 | dir=in | app=system | "{77C6CC02-0655-4044-88C5-AA2C62CAA1E3}" = rport=139 | protocol=6 | dir=out | app=system | "{A074CB0E-0B46-4862-9B54-355D0112DCAD}" = lport=445 | protocol=6 | dir=in | app=system | "{B0688B91-B8AF-42AB-A1C0-9CA07CD6D228}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BCF14C2D-71BE-4075-899B-EAAFFCA1A66C}" = rport=137 | protocol=17 | dir=out | app=system | "{BE1754DE-D95A-45F5-BE2E-412FA4B7C09B}" = rport=138 | protocol=17 | dir=out | app=system | "{C909E2D0-EC49-4F85-A017-AA30BE08ED75}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C9BC91D1-525B-41DC-9B63-7C9174DF4B90}" = lport=139 | protocol=6 | dir=in | app=system | "{D58F19D3-03B7-4A12-8A7E-20C61934053C}" = lport=2869 | protocol=6 | dir=in | app=system | "{DC435F22-3BBC-4D20-87DF-1C55FBB3EB4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{265B0625-93F0-4E84-9990-EE15145FD3F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{38B86D69-FFA9-4DF0-9FD7-23E77C0A9B5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4F37550C-74DF-450D-AAEC-63F2D451A88A}" = protocol=6 | dir=in 
| app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{52845D25-EC56-464F-BE12-57F32025E873}" = protocol=17 | dir=in | app=d:\alicesetup.exe | "{56293037-0978-48CE-A2B3-8B64EF10F4D2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{61372077-EABD-4799-B550-2661CE5850A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A3175D8A-9F3F-4038-8371-F9D0FCE62668}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AC3BECE0-9715-4005-BE89-39E453FCAEFD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{BC04D75A-02FC-4A8E-A667-6C0088E9320B}" = protocol=6 | dir=in | app=d:\alicesetup.exe | "{C62F560F-F9E7-43CD-BDA1-B09A6B8E1509}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "TCP Query User{2FCFCAD4-4070-4A17-ADDC-24FA8DC84302}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{37F6AEB4-D543-43BB-B141-699341FD4832}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | "TCP Query User{A0E6CCDA-0E08-4D99-826C-A3B724671DD2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{E73AA3C5-BEBC-4228-B761-A8279EC7CDEF}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{008CBBA5-3236-4482-824B-B95CEE30CF95}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{0455D09B-6F1B-4658-B76F-95FDF70F4126}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires 
ii\empires2.exe | "UDP Query User{6D1B9648-B141-4DC7-9C94-D1777BA7A191}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{89CA535C-7FF3-4EC6-9C7C-5CCAACDF4247}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6D7AED4A30ABE45AFA06FB0B660D7C60C13E28F0" = Windows-Treiberpaket - SMSC (smscirrx64) HIDClass (02/02/2007 6.1.6000.0) "D9C2CADBCACF6F12970B98531B829B14456435B3" = Windows Driver Package - Silicon Integrated Systems Corp.(1.11.03) (SIS163u) Net (05/07/2007 6.0.1039.1110) "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client 
Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "OEMInformation" = OEM Logo and Information "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600 "{111E336D-30BF-4CD4-8D69-4541732AFB27}" = Peter Jackson's King Kong - The Official Game of the Movie "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Bison WebCam "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update 
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}" = pdfforge Toolbar v4.1 "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.26 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Age of Empires 2.0" = Microsoft Age of Empires II "Athan" = Athan Basic 3.9 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "EADM" = EA Download Manager "Free FLV Converter_is1" = Free FLV Converter V 6.91.0 "Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "IsoBuster_is1" = IsoBuster 2.8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' 
Anti-Malware "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "NSS" = Norton Security Scan "Power Manager_is1" = Power Manager 2.1.7 "TeamViewer 5" = TeamViewer 5 "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VLC media player 1.1.2 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.10.2010 05:23:46 | Computer Name = XY-PC | Source = RapiMgr | ID = 8 Description = Die Verbindung mit Windows Mobile-basierten Gerät ist aufgrund von Fehler Receive Connection (0x80070490) fehlgeschlagen. (Weitere Infos zum Fehlercode finden Sie in den Daten.) Error - 12.10.2010 05:24:23 | Computer Name = XY-PC | Source = RapiMgr | ID = 6 Description = Ein Windows Mobile-basiertes USB-Gerät ist angeschlossen, es kann jedoch keine Netzwerkverbindung mit dem Desktop hergestellt werden. Error - 12.10.2010 05:29:54 | Computer Name = XY-PC | Source = RapiMgr | ID = 8 Description = Die Verbindung mit Windows Mobile-basierten Gerät ist aufgrund von Fehler Receive Connection (0x80070490) fehlgeschlagen. (Weitere Infos zum Fehlercode finden Sie in den Daten.) Error - 12.10.2010 09:51:01 | Computer Name = XY-PC | Source = RapiMgr | ID = 6 Description = Ein Windows Mobile-basiertes USB-Gerät ist angeschlossen, es kann jedoch keine Netzwerkverbindung mit dem Desktop hergestellt werden. Error - 12.10.2010 09:56:32 | Computer Name = XY-PC | Source = RapiMgr | ID = 6 Description = Ein Windows Mobile-basiertes USB-Gerät ist angeschlossen, es kann jedoch keine Netzwerkverbindung mit dem Desktop hergestellt werden. Error - 12.10.2010 10:01:04 | Computer Name = XY-PC | Source = RapiMgr | ID = 8 Description = Die Verbindung mit Windows Mobile-basierten Gerät ist aufgrund von Fehler Receive Connection (0x80070490) fehlgeschlagen. (Weitere Infos zum Fehlercode finden Sie in den Daten.) 
Error - 02.11.2010 15:43:25 | Computer Name = XY-PC | Source = VSS | ID = 12289 Description = Error - 02.11.2010 15:43:25 | Computer Name = XY-PC | Source = System Restore | ID = 8193 Description = Error - 14.11.2010 05:16:20 | Computer Name = XY-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\XY\Downloads\SoftonicDownloader62459.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Error - 17.11.2010 16:19:53 | Computer Name = XY-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\XY\Downloads\SoftonicDownloader62459.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. [ System Events ] Error - 23.09.2010 08:37:05 | Computer Name = XY-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.72 für die Netzwerkkarte mit der Netzwerkadresse 001644BCC53B wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error - 23.09.2010 08:46:17 | Computer Name = XY-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.178.20 für die Netzwerkkarte mit der Netzwerkadresse 001644BCC53B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 24.09.2010 10:00:47 | Computer Name = XY-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 24.09.2010 um 09:44:57 unerwartet heruntergefahren. Error - 24.09.2010 14:59:59 | Computer Name = XY-PC | Source = DCOM | ID = 10010 Description = Error - 27.09.2010 13:07:53 | Computer Name = XY-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 27.09.2010 um 15:07:18 unerwartet heruntergefahren. Error - 28.09.2010 05:43:15 | Computer Name = XY-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 28.09.2010 um 11:41:15 unerwartet heruntergefahren. Error - 28.09.2010 15:35:51 | Computer Name = XY-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 28.09.2010 um 21:23:05 unerwartet heruntergefahren. Error - 02.10.2010 14:49:01 | Computer Name = XY-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 02.10.2010 um 17:51:10 unerwartet heruntergefahren. Error - 04.10.2010 01:15:34 | Computer Name = XY-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 03.10.2010 um 22:49:43 unerwartet heruntergefahren. Error - 05.10.2010 16:17:49 | Computer Name = XY-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 05.10.2010 um 12:16:01 unerwartet heruntergefahren. < End of report > |
18.11.2010, 23:31 | #7 |
| "TR/Crypt.XPACK.Gen" Could someone maybe take a look? =) |
19.11.2010, 08:46 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "TR/Crypt.XPACK.Gen" Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.07.31 17:32:03 | 000,000,971 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\aoesetup.exe -- [2002.07.31 17:32:03 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\directx\command - "" = D:\DIRECTX\DXSETUP.EXE -- [2002.07.31 17:32:03 | 000,096,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dplay\command - "" = D:\DIRECTX\DPLAY61A.EXE -- [2002.07.31 17:32:03 | 000,485,600 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxdiag\command - "" = D:\GOODIES\AR40DEU.EXE -- [2002.07.31 17:32:03 | 005,994,880 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxinfo\command - "" = D:\GOODIES\DIRECTX\DXINFO.EXE -- [2002.07.31 17:32:03 | 000,299,520 | R--- | M] (Microsoft Corp.)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxtest\command - "" = D:\DIRECTX\DXDIAG.EXE -- [2002.07.31 17:32:03 | 001,253,648 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxtool\command - "" = D:\GOODIES\DIRECTX\DXTOOL.EXE -- [2002.07.31 17:32:03 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\log\command - "" = D:\goodies\machine\machine.exe -- [2002.07.31 17:32:03 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\machine\command - "" = D:\GOODIES\MACHINE\MACHINE.EXE -- [2002.07.31 17:32:03 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\setup\command - "" = D:\aoesetup.exe -- [2002.07.31 17:32:03 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\zone\command - "" = D:\GOODIES\MSZONE\ZONEA600.EXE -- [2002.07.31 17:32:03 | 006,753,985 | R--- | M] ()
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post logfiles in CODE tags |
19.11.2010, 20:08 | #9 |
| "TR/Crypt.XPACK.Gen"
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\AOESETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\DIRECTX\DXSETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\DIRECTX\DPLAY61A.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\AR40DEU.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\DIRECTX\DXINFO.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\DIRECTX\DXDIAG.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\DIRECTX\DXTOOL.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\MACHINE\MACHINE.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\MACHINE\MACHINE.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\AOESETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\MSZONE\ZONEA600.EXE scheduled to be moved on reboot.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: XY
->Temp folder emptied: 20302757 bytes
->Temporary Internet Files folder emptied: 130333225 bytes
->FireFox cache emptied: 72094575 bytes
->Flash cache emptied: 23613 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55941 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 485765960 bytes
Total Files Cleaned = 676,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 11192010_200024
Files\Folders moved on Reboot...
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. D:\AOESETUP.EXE scheduled to be moved on reboot.
File move failed. D:\DIRECTX\DXSETUP.EXE scheduled to be moved on reboot.
File move failed. D:\DIRECTX\DPLAY61A.EXE scheduled to be moved on reboot.
File move failed. D:\GOODIES\AR40DEU.EXE scheduled to be moved on reboot.
File move failed. D:\GOODIES\DIRECTX\DXINFO.EXE scheduled to be moved on reboot.
File move failed. D:\DIRECTX\DXDIAG.EXE scheduled to be moved on reboot.
File move failed. D:\GOODIES\DIRECTX\DXTOOL.EXE scheduled to be moved on reboot.
File move failed. D:\GOODIES\MACHINE\MACHINE.EXE scheduled to be moved on reboot.
File move failed. D:\GOODIES\MSZONE\ZONEA600.EXE scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\XY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot... |
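A small triage helper for fix output like the post above, added here as an example and not part of the thread or of OTL itself: it sorts the lines into registry deletions, "not found" entries, value sets, file moves deferred to reboot (deduplicated, since OTL lists them twice) and bytes freed, then groups the deferred moves by drive letter. The regular expressions are assumptions based only on the message formats visible in the posted log, and the sample log is a constructed excerpt modelled on it.

```python
"""Triage an OTL fix log: what was deleted, what was not found, which file
moves were deferred to reboot (grouped by drive), and how much was freed."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the OTL fix output posted in the thread;
# not the full log and not produced by OTL for this example.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\AOESETUP.EXE scheduled to be moved on reboot.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
[EMPTYTEMP]
User: XY
->Temp folder emptied: 20302757 bytes
->FireFox cache emptied: 72094575 bytes
RecycleBin emptied: 485765960 bytes
Total Files Cleaned = 676,00 mb
Files\Folders moved on Reboot...
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. D:\AOESETUP.EXE scheduled to be moved on reboot.
C:\Users\XY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
"""

# Assumed line formats, taken from the messages visible in the posted log.
PENDING_RE = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
REG_RE = re.compile(r"^Registry (?:key|value) (?P<key>.+?) (?P<status>deleted successfully|not found)\.$")
SET_RE = re.compile(r"^(?P<value>.+?) : value set successfully!$")
BYTES_RE = re.compile(r"emptied: (?P<n>\d+) bytes$")


def parse_otl_fix_log(text):
    """Return a dict summarising one OTL fix log."""
    report = {"deleted": [], "not_found": [], "set": [], "pending_reboot": [],
              "moved": [], "bytes_freed": 0, "hosts_reset": False}
    for raw in text.splitlines():
        line = raw.strip()
        if m := PENDING_RE.match(line):
            path = m.group("path")
            # OTL reports a deferred move once when it fails and again in the
            # "moved on Reboot" summary; keep one entry per path.
            if path not in report["pending_reboot"]:
                report["pending_reboot"].append(path)
        elif m := MOVED_RE.match(line):
            report["moved"].append(m.group("path"))
        elif m := REG_RE.match(line):
            bucket = "deleted" if m.group("status") == "deleted successfully" else "not_found"
            report[bucket].append(m.group("key"))
        elif m := SET_RE.match(line):
            report["set"].append(m.group("value"))
        elif m := BYTES_RE.search(line):
            report["bytes_freed"] += int(m.group("n"))
        elif line == "HOSTS file reset successfully":
            report["hosts_reset"] = True
    return report


def pending_by_drive(report):
    """Group deferred moves by drive letter, so a whole volume that refused
    every move (for example a read-only CD) stands out from one stubborn file."""
    groups = defaultdict(list)
    for path in report["pending_reboot"]:
        drive = path[:2].upper() if re.match(r"^[A-Za-z]:", path) else "?"
        groups[drive].append(path)
    return dict(groups)


if __name__ == "__main__":
    rep = parse_otl_fix_log(SAMPLE_LOG)
    for drive, paths in pending_by_drive(rep).items():
        print(f"{drive} {len(paths)} move(s) still pending reboot")
    print(f"deleted={len(rep['deleted'])} not_found={len(rep['not_found'])} "
          f"freed={rep['bytes_freed']} bytes hosts_reset={rep['hosts_reset']}")
```

Run against the posted log, every deferred move except the hosts file sits on D:, which the OTL Extras log above lists as a CDFS volume with 0,00 Mb free; a CD is read-only, so those entries fail regardless of reboot and are not a sign the fix was blocked.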
19.11.2010, 20:31 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "TR/Crypt.XPACK.Gen" Please download MBRCheck (by a_d_13) and save the file to the Desktop.
__________________ Please always post logfiles in CODE tags |
20.11.2010, 22:16 | #11 |
"TR/Crypt.XPACK.Gen"

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Xa 2528
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 157):
0x0244A000 \SystemRoot\system32\ntoskrnl.exe
0x02404000 \SystemRoot\system32\hal.dll
0x0060F000 \SystemRoot\system32\kdcom.dll
0x00619000 \SystemRoot\system32\PSHED.dll
0x0062D000 \SystemRoot\system32\CLFS.SYS
0x0068A000 \SystemRoot\system32\CI.dll
0x0080A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00A06000 \SystemRoot\System32\Drivers\sppu.sys
0x00B3A000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00B43000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00B71000 \SystemRoot\system32\drivers\acpi.sys
0x00BC7000 \SystemRoot\system32\drivers\msisadrv.sys
0x008F2000 \SystemRoot\system32\drivers\pci.sys
0x00BD1000 \SystemRoot\System32\drivers\partmgr.sys
0x00BE6000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00BEA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00922000 \SystemRoot\system32\drivers\volmgr.sys
0x00936000 \SystemRoot\System32\drivers\volmgrx.sys
0x00BF6000 \SystemRoot\system32\drivers\pciide.sys
0x0099C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009AC000 \SystemRoot\System32\drivers\mountmgr.sys
0x009BF000 \SystemRoot\system32\drivers\atapi.sys
0x009C7000 \SystemRoot\system32\drivers\ataport.SYS
0x009EB000 \SystemRoot\system32\drivers\nvstor.sys
0x0073C000 \SystemRoot\system32\drivers\storport.sys
0x00799000 \SystemRoot\system32\drivers\fltmgr.sys
0x007E0000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C03000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0F000 \SystemRoot\system32\drivers\ndis.sys
0x00C8A000 \SystemRoot\system32\drivers\msrpc.sys
0x00CDA000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100D000 \SystemRoot\System32\drivers\tcpip.sys
0x01183000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01208000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01388000 \SystemRoot\system32\drivers\volsnap.sys
0x013CC000 \SystemRoot\System32\Drivers\spldr.sys
0x013D4000 \SystemRoot\System32\Drivers\mup.sys
0x011AF000 \SystemRoot\System32\drivers\ecache.sys
0x00FD2000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x013E6000 \SystemRoot\system32\drivers\disk.sys
0x00D33000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011DB000 \SystemRoot\system32\drivers\crcdisk.sys
0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00D82000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x02C0F000 \SystemRoot\system32\DRIVERS\athrx.sys
0x02E0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03804000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x038E7000 \SystemRoot\System32\drivers\watchdog.sys
0x038F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0390D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0391B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03927000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0392C000 \SystemRoot\system32\DRIVERS\smscirrx64.sys
0x0393E000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x03948000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03953000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03999000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x039AA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x039C6000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x039D8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x03A0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03C02000 \SystemRoot\system32\DRIVERS\nvm60x64.sys
0x03D22000 \SystemRoot\System32\Drivers\a3xb3rnx.SYS
0x03D64000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03D9D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03DAA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03DCD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03AFB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03DD9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03B2C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03B4A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03B62000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x03DE9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03DFC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0373E000 \SystemRoot\system32\DRIVERS\ks.sys
0x039E8000 \SystemRoot\system32\DRIVERS\circlass.sys
0x03A00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03772000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03782000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x037CA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0420D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04301000 \SystemRoot\system32\drivers\portcls.sys
0x0433C000 \SystemRoot\system32\drivers\drmk.sys
0x0435F000 \SystemRoot\system32\drivers\ksthunk.sys
0x04365000 \SystemRoot\system32\DRIVERS\VSTAZL6.SYS
0x0440B000 \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
0x04609000 \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
0x046D0000 \SystemRoot\system32\drivers\modem.sys
0x046DF000 \SystemRoot\system32\DRIVERS\hidir.sys
0x046EA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x046FC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04704000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0470F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0471A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x04724000 \SystemRoot\System32\Drivers\Null.SYS
0x0472D000 \SystemRoot\System32\drivers\vga.sys
0x0473B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04760000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04769000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0476B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04774000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0477D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04788000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04799000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x047A2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x047BF000 \SystemRoot\system32\DRIVERS\smb.sys
0x04589000 \SystemRoot\system32\drivers\afd.sys
0x043B6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x047DA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x037DE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x047F8000 \??\C:\Windows\system32\WinIo.sys
0x02D74000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02D8F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x045F4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04A0A000 \SystemRoot\system32\drivers\csc.sys
0x04A80000 \SystemRoot\System32\Drivers\dfsc.sys
0x04A9D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x04ABF000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x04ACD000 \SystemRoot\System32\Drivers\bthport.sys
0x04B7B000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x04BAC000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x04BB9000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x04ECA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x04EE6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04EF4000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x04EFE000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x04F0E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x04F21000 \SystemRoot\System32\drivers\Dxapi.sys
0x04F2D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004A0000 \SystemRoot\System32\TSDDD.dll
0x00670000 \SystemRoot\System32\cdd.dll
0x04F40000 \SystemRoot\system32\drivers\luafv.sys
0x04F62000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x09802000 \SystemRoot\system32\drivers\spsys.sys
0x0989C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x098B0000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x098E4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x098EF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x09907000 \SystemRoot\system32\drivers\HTTP.sys
0x099AA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x099D3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04F7F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04F99000 \SystemRoot\system32\drivers\mrxdav.sys
0x04FC0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x00D96000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04BD8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09E01000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09E33000 \SystemRoot\System32\DRIVERS\srv.sys
0x09EC7000 \SystemRoot\system32\drivers\peauth.sys
0x09F7D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x09F88000 \SystemRoot\System32\drivers\tcpipreg.sys
0x04E00000 \SystemRoot\System32\Drivers\BisonCam.sys
0x09FBA000 \SystemRoot\System32\Drivers\STREAM.SYS
0x77AF0000 \Windows\System32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
492 C:\Windows\System32\smss.exe
560 csrss.exe
604 C:\Windows\System32\wininit.exe
624 csrss.exe
660 C:\Windows\System32\services.exe
688 C:\Windows\System32\winlogon.exe
704 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
872 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
304 C:\Windows\System32\svchost.exe
380 C:\Windows\System32\svchost.exe
432 C:\Windows\System32\svchost.exe
616 C:\Windows\System32\audiodg.exe
880 C:\Windows\System32\SLsvc.exe
1060 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\svchost.exe
1580 C:\Windows\System32\spoolsv.exe
1624 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1632 C:\Windows\System32\taskeng.exe
1640 C:\Windows\System32\dwm.exe
1648 C:\Windows\explorer.exe
1680 C:\Windows\System32\svchost.exe
1956 C:\Program Files\Windows Defender\MSASCui.exe
1964 C:\Windows\RAVCpl64.exe
1972 C:\Windows\BisonCam\BisonAPP.exe
1308 C:\Windows\System32\rundll32.exe
1316 C:\Program Files (x86)\Power Manager\PM.exe
1508 C:\Windows\WindowsMobile\wmdSync.exe
1512 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
2072 C:\Windows\System32\rundll32.exe
2080 C:\Windows\ehome\ehtray.exe
2144 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2224 C:\Windows\ehome\ehmsas.exe
2376 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2384 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
2444 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2640 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2704 C:\Program Files (x86)\Athan\Athan.exe
2716 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
2752 C:\Windows\System32\svchost.exe
2784 C:\Windows\SysWOW64\svchost.exe
2844 C:\Windows\System32\svchost.exe
2952 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2968 C:\Windows\System32\svchost.exe
2984 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
3012 C:\Windows\System32\svchost.exe
2688 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
3000 C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
2120 C:\Windows\System32\svchost.exe
3724 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
1900 C:\Program Files\Windows Media Player\wmpnscfg.exe
3004 C:\Program Files\Windows Media Player\wmpnetwk.exe
2104 C:\Windows\System32\taskeng.exe
4368 C:\Windows\System32\svchost.exe
3284 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2892 C:\Windows\explorer.exe
1912 C:\Users\XY\Downloads\MBRCheck.exe
4648 C:\Windows\SysWOW64\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDC WD2500BEVS-00UST, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
21.11.2010, 11:15 | #12
/// Winkelfunktion /// TB-Süch-Tiger™
"TR/Crypt.XPACK.Gen"
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags
21.11.2010, 17:21 | #13
"TR/Crypt.XPACK.Gen"

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/21/2010 at 04:59 PM

Application Version : 4.45.1000

Core Rules Database Version : 5894
Trace Rules Database Version: 3706

Scan type : Complete Scan
Total Scan Time : 01:39:50

Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 12207
Registry threats detected : 0
File items scanned : 112178
File threats detected : 2

Adware.Tracking Cookie
C:\Users\XY\AppData\Roaming\Microsoft\Windows\Cookies\XY@atdmt.combing[2].txt
C:\Users\XY\AppData\Roaming\Microsoft\Windows\Cookies\XY@atdmt[2].txt
21.11.2010, 18:31 | #14
"TR/Crypt.XPACK.Gen"

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5138

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

21.11.2010 18:20:29
mbam-log-2010-11-21 (18-20-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 234026
Laufzeit: 58 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
21.11.2010, 18:53 | #15
/// Winkelfunktion /// TB-Süch-Tiger™
"TR/Crypt.XPACK.Gen"
Quote:
__________________
Please always post logfiles in CODE tags