Log analysis and evaluation: TR/CRYPT.XPACK.Gen

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.12.2010, 14:19 | #1
TR/CRYPT.XPACK.Gen

Hi,

AntiVir found the following "virus":

In der Datei 'C:\Users\Desktop\AP30558113.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

I haven't done anything yet.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:16:38, on 30.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5739g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5739g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Free YouTube Download - C:\Users\Wolfgang Kindt\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Wolfgang Kindt\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C5534C-6A06-4E4B-93BF-2F6C1D391110}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files\Acer Bio Protection\BASVC.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: IEConfig 1und1/WEB.DE/GMX Edition (serviceIEConfig) - Unknown owner - C:\Windows\System32\ieconfig_1und1_svc.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

Regards
30.12.2010, 15:52 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
TR/CRYPT.XPACK.Gen

Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from earlier Malwarebytes scans, please post all of those as well!

Then OTL: System scan with OTL. Please download OTL by OldTimer and save it to your desktop
30.12.2010, 22:15 | #3
TR/CRYPT.XPACK.Gen

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5423

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

30.12.2010 21:24:51
mbam-log-2010-12-30 (21-24-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 262150
Laufzeit: 46 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

OTL Logfile:
Code:
OTL logfile created on: 30.12.2010 21:31:13 - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\Wolfgang Kindt\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281,60 Gb Total Space | 133,02 Gb Free Space | 47,24% Space Free | Partition Type: NTFS
Drive F: | 22,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 298,09 Gb Total Space | 214,41 Gb Free Space | 71,93% Space Free | Partition Type: NTFS

Computer Name: DAS_SYSTEM | User Name: Wolfgang Kindt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Wolfgang Kindt\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
PRC - C:\Programme\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
PRC - C:\Programme\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\VideoLAN\VLC\vlc.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\ieconfig_1und1_svc.exe (mquadr.at softwareengineering und consulting gmbh)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Programme\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Wolfgang Kindt\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (VC10SecS) -- C:\Programme\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (serviceIEConfig) -- C:\Windows\System32\ieconfig_1und1_svc.exe (mquadr.at softwareengineering und consulting gmbh)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IGBASVC) -- C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (vdrv1000) -- C:\Windows\System32\drivers\vdrv1000.sys (H+H Software GmbH)
DRV - (HH10Help.sys) -- C:\Windows\System32\drivers\HH10Help.sys (H+H Software GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (AlfaFF) -- C:\Windows\system32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5739g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5739g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.16 22:32:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.16 22:32:07 | 000,000,000 | ---D | M]

[2010.05.26 13:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang Kindt\AppData\Roaming\mozilla\Extensions
[2010.12.30 14:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang Kindt\AppData\Roaming\mozilla\Firefox\Profiles\u71j9rxt.default\extensions
[2010.05.26 16:31:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Wolfgang Kindt\AppData\Roaming\mozilla\Firefox\Profiles\u71j9rxt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.23 19:46:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Wolfgang Kindt\AppData\Roaming\mozilla\Firefox\Profiles\u71j9rxt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.25 11:15:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Wolfgang Kindt\AppData\Roaming\mozilla\Firefox\Profiles\u71j9rxt.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.12.26 20:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.26 18:42:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.12.26 18:42:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.09.25 08:50:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.25 08:50:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.25 08:50:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.25 08:50:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.25 08:50:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WEB.DE Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VC10Player] C:\Programme\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [WindowsWelcomeCenter] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Wolfgang Kindt\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Wolfgang Kindt\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Wolfgang Kindt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Wolfgang Kindt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.18 00:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{74684932-919a-11de-8636-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{74684932-919a-11de-8636-00238bfdf133}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{752bfcb5-6b40-11df-acba-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{752bfcb5-6b40-11df-acba-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{907083f1-35df-11df-9f44-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{907083f1-35df-11df-9f44-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{907083ff-35df-11df-9f44-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{907083ff-35df-11df-9f44-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{9070840d-35df-11df-9f44-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{9070840d-35df-11df-9f44-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{a91c5960-808c-11df-a95b-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{a91c5960-808c-11df-a95b-00238bfdf133}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{b95324ac-34ca-11df-8f4f-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{b95324ac-34ca-11df-8f4f-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b95324e0-34ca-11df-8f4f-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{b95324e0-34ca-11df-8f4f-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d36f24f6-8127-11df-b1d6-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{d36f24f6-8127-11df-b1d6-00238bfdf133}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e8cdb481-88c2-11df-ab91-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{e8cdb481-88c2-11df-ab91-00238bfdf133}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e9d24145-c680-11df-813e-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{e9d24145-c680-11df-813e-00238bfdf133}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{e9d2415d-c680-11df-813e-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{e9d2415d-c680-11df-813e-00238bfdf133}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{efa50a00-8fe1-11df-a218-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{efa50a00-8fe1-11df-a218-00238bfdf133}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.30 20:22:03 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang Kindt\AppData\Roaming\Malwarebytes
[2010.12.30 20:21:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.30 20:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.30 20:21:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.30 20:21:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.30 14:47:00 | 000,186,392 | ---- | C] (H+H Software GmbH) -- C:\Windows\System32\drivers\vdrv1000.sys
[2010.12.30 14:47:00 |
000,013,952 | ---- | C] (H+H Software GmbH) -- C:\Windows\System32\drivers\HH10Help.sys [2010.12.30 14:46:57 | 000,000,000 | --SD | C] -- C:\Users\Wolfgang Kindt\AppData\Roaming\Virtual CD v10 [2010.12.30 14:46:28 | 000,000,000 | ---D | C] -- C:\Programme\Virtual CD v10 [2010.12.30 14:26:12 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang Kindt\Desktop\Neuer Ordner [2010.12.30 14:08:05 | 040,971,776 | ---- | C] (Konami Digital Entertainment Co., Ltd.) -- C:\Users\Wolfgang Kindt\Desktop\AP30558113.exe [2010.12.30 13:57:38 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.12.29 17:35:33 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang Kindt\Desktop\xac [2010.12.29 17:00:56 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang Kindt\Desktop\New Folder [2010.12.29 15:31:09 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang Kindt\Desktop\Stefan [2010.12.26 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang Kindt\AppData\Roaming\Nero [2010.12.26 20:28:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nero [2010.12.26 20:28:01 | 000,000,000 | ---D | C] -- C:\Programme\Nero [2010.12.26 20:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010.12.26 18:42:59 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang Kindt\AppData\Roaming\skypePM [2010.12.26 18:41:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.12.26 18:41:49 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.12.26 18:41:48 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang Kindt\AppData\Roaming\Skype [2010.12.26 18:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2009.05.22 08:03:24 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.30 21:30:02 | 000,411,610 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.12.30 21:30:02 | 000,411,610 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.12.30 21:17:46 | 000,162,304 | ---- | M] () -- 
C:\Users\Wolfgang Kindt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.30 21:01:23 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.30 21:01:23 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.30 21:01:23 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.30 21:01:23 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.30 20:21:44 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.30 20:16:05 | 000,000,301 | ---- | M] () -- C:\Users\Wolfgang Kindt\Desktop\Mobile Partner (F) 0 Bytes.lnk [2010.12.30 19:58:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.30 19:58:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.30 19:57:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.30 14:46:58 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CD v10.lnk [2010.12.30 14:01:40 | 000,002,541 | ---- | M] () -- C:\Users\Wolfgang Kindt\Desktop\HiJackThis.lnk [2010.12.27 15:14:11 | 000,000,512 | ---- | M] () -- C:\Windows\System32\videocfg.bin [2010.12.26 20:28:41 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk [2010.12.26 18:43:05 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2010.12.26 18:41:50 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.09 19:03:43 | 000,002,631 | ---- | M] () -- C:\Users\Wolfgang Kindt\Desktop\Microsoft Office Word 2007.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files 
Created - No Company Name ========== [2010.12.30 20:21:44 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.30 20:16:05 | 000,000,301 | ---- | C] () -- C:\Users\Wolfgang Kindt\Desktop\Mobile Partner (F) 0 Bytes.lnk [2010.12.30 14:46:58 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CD v10.lnk [2010.12.30 14:25:31 | 000,032,799 | ---- | C] () -- C:\Users\Wolfgang Kindt\Desktop\NS-PES2011_SR-poseden.rar [2010.12.30 13:57:38 | 000,002,541 | ---- | C] () -- C:\Users\Wolfgang Kindt\Desktop\HiJackThis.lnk [2010.12.29 17:15:20 | 073,321,056 | ---- | C] () -- C:\Users\Wolfgang Kindt\Desktop\SDC12458.AVI [2010.12.27 15:13:41 | 000,000,512 | ---- | C] () -- C:\Windows\System32\videocfg.bin [2010.12.26 20:28:41 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk [2010.12.26 18:43:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.26 18:41:50 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.11.18 22:20:41 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2010.10.29 16:56:00 | 000,000,680 | ---- | C] () -- C:\Users\Wolfgang Kindt\AppData\Local\d3d9caps.dat [2010.06.25 20:04:43 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.03.25 20:56:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.03.21 12:26:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.03.21 12:26:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.03.21 12:21:51 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2010.03.21 11:33:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.30 17:16:41 | 000,002,093 | ---- | C] () -- C:\Users\Wolfgang Kindt\AppData\Roaming\mdb.bin [2009.08.30 16:48:03 | 000,162,304 | ---- | C] () -- C:\Users\Wolfgang Kindt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.25 20:03:55 | 000,005,892 | ---- | C] () -- 
C:\Users\Wolfgang Kindt\AppData\Local\MyWinLockerInstaller.txt-20090825.log [2009.08.25 19:21:25 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log [2009.07.23 11:05:31 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.23 11:00:55 | 000,007,074 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2009.07.23 10:45:11 | 000,411,610 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.07.23 10:45:02 | 000,411,610 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.11 13:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.09.09 10:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll [2008.09.09 10:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml [2008.05.21 19:46:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2008.03.12 12:52:34 | 000,069,632 | ---- | C] () 
-- C:\Windows\System32\drivers\int15.sys [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report > Danke schonmal |
30.12.2010, 22:33 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/CRYPT.XPACK.Gen Are there any other logs from Malwarebytes? If so, please post all of them. You will find them in the "Logs" tab in Malwarebytes.
__________________ Please always post logfiles in CODE tags |
31.12.2010, 11:24 | #5 |
| TR/CRYPT.XPACK.Gen Unfortunately I don't have any other logs... I also used the program for the first time. So I suppose nothing can be done with the logs so far? Well, Malwarebytes doesn't seem to have found anything. I don't know how it looks with HijackThis and OTL... I can't make sense of those :-) |
01.01.2011, 21:14 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/CRYPT.XPACK.Gen Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.18 00:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{74684932-919a-11de-8636-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{74684932-919a-11de-8636-00238bfdf133}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{752bfcb5-6b40-11df-acba-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{752bfcb5-6b40-11df-acba-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{907083f1-35df-11df-9f44-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{907083f1-35df-11df-9f44-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{907083ff-35df-11df-9f44-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{907083ff-35df-11df-9f44-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{9070840d-35df-11df-9f44-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{9070840d-35df-11df-9f44-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{a91c5960-808c-11df-a95b-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{a91c5960-808c-11df-a95b-00238bfdf133}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{b95324ac-34ca-11df-8f4f-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{b95324ac-34ca-11df-8f4f-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b95324e0-34ca-11df-8f4f-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{b95324e0-34ca-11df-8f4f-00238bfdf133}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d36f24f6-8127-11df-b1d6-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{d36f24f6-8127-11df-b1d6-00238bfdf133}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e8cdb481-88c2-11df-ab91-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{e8cdb481-88c2-11df-ab91-00238bfdf133}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e9d24145-c680-11df-813e-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{e9d24145-c680-11df-813e-00238bfdf133}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{e9d2415d-c680-11df-813e-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{e9d2415d-c680-11df-813e-00238bfdf133}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{efa50a00-8fe1-11df-a218-00238bfdf133}\Shell - "" = AutoRun
O33 - MountPoints2\{efa50a00-8fe1-11df-a218-00238bfdf133}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.01.21 02:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
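Added example (not from the thread and not OTL or Malwarebytes code): a read-only PowerShell audit of the per-user MountPoints2 AutoRun handlers that OTL reports as O33 lines. It walks the standard HKCU key, reads each Shell\AutoRun\command default value and checks whether the target executable (for example E:\AutoRun.exe) still exists, which is what OTL's "-- File not found" marker expresses. The function name Get-MountPointAutoRun and the output fields are chosen for this example; it changes nothing in the registry.

```powershell
# Added example: audit per-user MountPoints2 AutoRun handlers (OTL "O33" lines).
# Read-only. Assumption: the standard per-user key below; function name and
# output fields are chosen for this example and are not OTL's own.
$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPointAutoRun {
    [CmdletBinding()]
    param([string]$Path = $MountPoints2)

    if (-not (Test-Path -Path $Path)) {
        Write-Verbose "No MountPoints2 key at $Path"
        return
    }

    foreach ($mp in Get-ChildItem -Path $Path) {
        # OTL's "...\Shell\AutoRun\command - "" = ..." line is this key's default value
        $cmdKey = Join-Path -Path $mp.PSPath -ChildPath 'Shell\AutoRun\command'
        if (-not (Test-Path -Path $cmdKey)) { continue }

        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        if ([string]::IsNullOrWhiteSpace($cmd)) { continue }

        # Executable path from the command: a quoted path, otherwise the first token
        $target = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }

        [pscustomobject]@{
            MountPoint   = $mp.PSChildName   # volume GUID, or a drive letter such as G
            Command      = $cmd              # e.g. E:\AutoRun.exe
            Target       = $target
            TargetExists = [bool](Test-Path -LiteralPath $target -PathType Leaf -ErrorAction SilentlyContinue)
        }
    }
}

# Missing targets are the entries OTL marks "-- File not found": handlers left
# behind by media that is no longer attached.
Get-MountPointAutoRun | Sort-Object TargetExists, MountPoint | Format-Table -AutoSize
```

Run it in the affected user's session, since MountPoints2 is per-user. The helper's fix above removes every listed O33 entry whether or not its target still exists; the TargetExists column only reproduces OTL's marker so a reader can see which handlers point at media that has been removed and which, like the Huawei F:\AutoRun.exe entries, still resolve to a file.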