Pests of all kinds and how to fight them: TR/Crypt.ZPACK.Gen - what to do? (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

15.04.2011, 10:51 | #1
TR/Crypt.ZPACK.Gen - what to do?

Hello, I'm new here and hope you can help me. Yesterday the trojan TR/Crypt.ZPACK.Gen settled in on my machine. I immediately got several messages from Antivir that various files were infected and had been moved to the quarantine directory. I ran a scan right away and Antivir no longer found this trojan, but instead found the Java virus JAVA/Exdoer.BG.6 (where I caught the trojan I also got a message that mentioned something about Java). Moved the virus to quarantine and restarted the system. Ran Spybot: no find; Antivir and Malwarebytes the same, no find. Now, I also use the notebook for online banking etc., which is why I'm not sure what to do now. I have attached the logfiles from OTL and Malwarebytes. Do I have to reinstall the system? There would be a small problem with that, though. The notebook is new and I hadn't made a recovery CD yet, and I don't think it works without the CD. I have now made the CD (actually it was 3 DVDs; the recovery folder is on another partition). Can I still use them?

Regards, Tim

First, here are the Antivir finds:

Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\65mnmdz6.exe'
C:\Users\AA\AppData\Local\Temp\65mnmdz6.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a5cf3c5.qua' verschoben!
Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\jar_cache7716420238782651705.tmp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\Local\Temp\jar_cache7716420238782651705.tmp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-4bb5d5b1-temp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-4bb5d5b1-temp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-4bb5d5b1'
C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-4bb5d5b1
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52d7ddb0.qua' verschoben!
Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\ueimigjc.exe'
C:\Users\AA\AppData\Local\Temp\ueimigjc.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0090875a.qua' verschoben!
Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\jar_cache5911348552403466951.tmp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\Local\Temp\jar_cache5911348552403466951.tmp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-6695a747-temp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-6695a747-temp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-6695a747'
C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-6695a747
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '66bfc89a.qua' verschoben!
Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\h2xjx56q.exe'
C:\Users\AA\AppData\Local\Temp\h2xjx56q.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '232ce473.qua' verschoben!
Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\jar_cache8855021323985939821.tmp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\Local\Temp\jar_cache8855021323985939821.tmp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-204bbafd-temp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-204bbafd-temp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-204bbafd'
C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-204bbafd
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5c20d7c5.qua' verschoben!

After the Antivir scan:

C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-15b864db
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Exdoer.BG.6
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48eed1f7.qua' verschoben!

Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6366

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.04.2011 06:28:51
mbam-log-2011-04-15 (06-28-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 414666
Laufzeit: 56 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL:

OTL Logfile:
Code:
OTL logfile created on: 15.04.2011 10:57:26 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,73 Gb Total Space | 190,20 Gb Free Space | 81,73% Space Free | Partition Type: NTFS
Drive D: | 232,64 Gb Total Space | 217,58 Gb Free Space | 93,53% Space Free | Partition Type: NTFS

Computer Name: AA-TOSH | User Name: AA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TOSHIBA\PCDiag\PCDiag.exe ()
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (SafeList) ==========

MOD - D:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (CnxtHdmiAudService) -- C:\Windows\SysNative\drivers\CHDMI64.sys (Conexant Systems Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LUMDriver) -- C:\Windows\SysNative\drivers\LUMDriver.sys (IBM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox [2010.11.16 19:42:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.11.16 19:42:16 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\Shell - "" = AutoRun
O33 - MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\Shell\AutoRun\command - "" = G:\INTEL\startspk.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.15 05:31:50 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Malwarebytes
[2011.04.15 05:31:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.15 05:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.15 05:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.15 05:31:36 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.15 05:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.15 02:32:30 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.15 02:32:30 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.15 02:32:28 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.15 02:32:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.15 02:32:28 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.15 02:32:24 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.15 02:32:24 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.15 02:32:23 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.15 02:32:23 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.15 02:32:19 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.15 02:32:19 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.15 02:32:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.15 02:32:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.15 02:32:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.15 02:32:03 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.15 02:32:03 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.15 02:32:03 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.15 02:32:03 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.15 02:32:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.15 02:32:03 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.15 02:32:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.15 02:32:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.15 02:32:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.15 02:32:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.15 02:32:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.15 02:32:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.15 02:32:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.15 02:31:40 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.15 02:31:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.15 02:31:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.15 02:31:36 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.15 02:31:36 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.15 02:31:36 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.15 02:31:36 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.15 02:31:35 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.15 02:31:35 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.15 02:31:35 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.15 02:31:34 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.04.11 19:13:22 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Avira
[2011.04.11 17:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.04.11 17:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.11 17:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.04.09 12:14:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.04.08 17:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA Tempro
[2011.04.08 17:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011.04.08 10:21:28 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\InstallShield
[2011.04.08 10:21:25 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\WinBatch
[2011.04.03 13:59:34 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Axialis
[2011.04.03 13:59:28 | 057,696,588 | ---- | C] (Axialis Software) -- C:\Windows\MAHLE_ScreenSaver.scr
[2011.04.01 22:46:13 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Adobe
[2011.03.31 22:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.03.31 22:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.03.31 22:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.03.31 22:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011.03.31 22:38:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011.03.31 22:38:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.03.31 22:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011.03.31 22:37:36 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Microsoft Help
[2011.03.31 22:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.03.31 22:37:16 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.03.31 22:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA
[2011.03.31 21:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2011.03.31 21:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dassault Systemes
[2011.03.31 21:56:58 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\DassaultSystemes
[2011.03.31 21:56:58 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\DassaultSystemes
[2011.03.31 21:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2011.03.31 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\DAEMON Tools Lite
[2011.03.31 21:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.03.31 21:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.03.31 21:29:56 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.03.31 21:29:56 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.03.31 21:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.03.31 21:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.03.31 19:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.03.31 08:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.03.31 07:59:47 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011.03.31 07:59:47 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011.03.31 07:59:47 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011.03.31 07:59:47 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011.03.31 07:59:47 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011.03.31 07:59:47 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011.03.31 07:59:47 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011.03.31 07:59:47 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011.03.31 07:59:41 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2011.03.30 14:42:33 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.30 14:42:33 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.30 14:42:32 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.30 14:42:32 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.30 14:42:32 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.30 14:42:32 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.30 14:42:32 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.30 14:42:32 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.30 14:42:30 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011.03.30 14:42:30 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011.03.30 14:42:30 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011.03.30 14:42:30 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011.03.30 14:42:30 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2011.03.30 14:42:30 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011.03.30 14:42:30 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2011.03.30 14:42:30 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2011.03.30 14:42:24 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2011.03.30 14:42:24 | 000,288,256 |
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2011.03.30 14:42:24 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2011.03.30 14:42:16 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2011.03.30 14:42:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2011.03.30 14:42:16 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2011.03.30 14:42:16 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2011.03.30 14:42:15 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll [2011.03.30 14:42:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2011.03.30 14:42:15 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2011.03.30 14:42:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2011.03.30 14:42:07 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.03.30 14:42:07 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.03.30 14:42:06 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.03.30 14:42:03 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2011.03.30 14:42:03 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.03.30 14:42:03 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2011.03.30 14:42:03 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2011.03.30 14:42:03 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll [2011.03.30 14:42:02 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011.03.30 14:42:01 | 001,863,680 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2011.03.30 14:42:01 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2011.03.30 14:42:01 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2011.03.30 14:42:01 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.03.30 14:42:01 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2011.03.30 14:42:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2011.03.30 14:42:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2011.03.30 14:42:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2011.03.30 14:42:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.03.30 14:42:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2011.03.30 14:41:56 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2011.03.30 14:41:56 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2011.03.30 14:41:31 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.03.30 14:41:31 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.03.30 14:41:31 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.03.30 14:41:30 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.03.30 14:41:24 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2011.03.30 14:41:21 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2011.03.30 14:41:21 | 000,573,440 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011.03.30 14:41:19 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2011.03.30 14:41:18 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2011.03.30 14:41:18 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2011.03.30 14:41:18 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2011.03.30 14:41:18 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2011.03.29 17:29:27 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\TOSHIBA_Corporation [2011.03.29 17:25:43 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Toshiba [2011.03.29 17:24:48 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Adobe [2011.03.29 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Nero [2011.03.29 17:24:24 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\ATI [2011.03.29 17:24:24 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\ATI [2011.03.29 17:24:06 | 000,000,000 | R--D | C] -- C:\Users\AA\Searches [2011.03.29 17:24:06 | 000,000,000 | R--D | C] -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.03.29 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Identities [2011.03.29 17:23:55 | 000,000,000 | R--D | C] -- C:\Users\AA\Contacts [2011.03.29 17:22:24 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\VirtualStore [2011.03.29 17:20:50 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Toshiba [2011.03.29 17:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Vorlagen [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\AppData\Local\Verlauf [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\AppData\Local\Temporary Internet Files [2011.03.29 17:15:10 | 000,000,000 | 
-HSD | C] -- C:\Users\AA\Startmenü [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\SendTo [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Recent [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Netzwerkumgebung [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Lokale Einstellungen [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Documents\Eigene Videos [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Documents\Eigene Musik [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Eigene Dateien [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Documents\Eigene Bilder [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Druckumgebung [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Cookies [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\AppData\Local\Anwendungsdaten [2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Anwendungsdaten [2011.03.29 17:15:09 | 000,000,000 | --SD | C] -- C:\Users\AA\AppData\Roaming\Microsoft [2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Videos [2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Saved Games [2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Pictures [2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Music [2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Links [2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Favorites [2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Downloads [2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Documents [2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Desktop [2011.03.29 17:15:09 | 000,000,000 | 
R--D | C] -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.03.29 17:15:09 | 000,000,000 | -H-D | C] -- C:\Users\AA\AppData [2011.03.29 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Temp [2011.03.29 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Microsoft [2011.03.29 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Media Center Programs [2011.03.29 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Macromedia [2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Programme [2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.15 09:59:53 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.15 09:59:53 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.15 09:54:55 | 000,002,046 | ---- | M] () -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011.04.15 09:52:05 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2011.04.15 09:51:57 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys [2011.04.15 05:31:42 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.15 03:21:05 | 000,425,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.10 19:14:20 | 001,486,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.10 19:14:20 | 000,648,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.10 19:14:20 | 000,611,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.10 19:14:20 | 000,128,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.10 19:14:20 | 000,105,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.10 19:10:46 | 000,425,252 | ---- | M] () -- C:\Users\AA\Documents\test2.CATPart [2011.04.10 12:40:54 | 000,076,037 | ---- | M] () -- C:\Users\AA\Documents\test1.CATPart [2011.04.09 12:14:25 | 387,259,715 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.04 21:57:12 | 000,000,825 | ---- | M] () -- C:\Users\AA\Desktop\Studium - Verknüpfung.lnk [2011.04.03 13:55:20 | 057,696,588 | ---- | M] (Axialis Software) -- C:\Windows\MAHLE_ScreenSaver.scr [2011.03.31 22:09:54 | 000,002,488 | ---- | M] () -- C:\Users\Public\Desktop\CATIA V5R19.lnk [2011.03.31 21:52:25 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2011.03.31 21:47:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.03.31 21:30:02 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.03.31 15:39:01 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2011.03.29 17:12:52 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.03.29 17:12:52 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.03.29 17:11:21 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\TOSHIBA_Satellite L650_13467-GR_PSK1JE-0EW00.MRK [1 
C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.15 05:31:42 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.10 19:10:45 | 000,425,252 | ---- | C] () -- C:\Users\AA\Documents\test2.CATPart [2011.04.10 12:40:54 | 000,076,037 | ---- | C] () -- C:\Users\AA\Documents\test1.CATPart [2011.04.09 12:14:25 | 387,259,715 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.04.04 21:57:35 | 000,000,825 | ---- | C] () -- C:\Users\AA\Desktop\Studium - Verknüpfung.lnk [2011.03.31 22:09:54 | 000,002,488 | ---- | C] () -- C:\Users\Public\Desktop\CATIA V5R19.lnk [2011.03.31 21:52:25 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2011.03.31 21:47:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.03.31 21:30:02 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.03.31 15:39:01 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2011.03.29 17:24:07 | 000,001,450 | ---- | C] () -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.03.29 17:15:09 | 000,002,046 | ---- | C] () -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011.03.29 17:11:21 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\TOSHIBA_Satellite L650_13467-GR_PSK1JE-0EW00.MRK [2011.01.23 23:56:31 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2010.11.17 10:00:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.11.16 18:01:20 | 000,002,012 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- 
| C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat < End of report > |
15.04.2011, 11:54 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen - what to do? Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logs" tab. |
15.04.2011, 12:10 | #3 |
| TR/Crypt.ZPACK.Gen - what to do? No, only this one log file is saved there. |
15.04.2011, 13:48 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen - what to do? Run an OTL fix: close all programs that may still be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL). (The ":OTL" must be copied along!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\Shell - "" = AutoRun
O33 - MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\Shell\AutoRun\command - "" = G:\INTEL\startspk.exe
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; for safety, a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post logfiles in CODE tags |
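As an added example, not code from the thread and not OTL's own code: a read-only PowerShell audit of the three registry locations the fix script above rewrites (the Cdrom AutoRun value, MountPoints2 AutoRun commands, and the IE toolbar registrations), so the state can be recorded before and after the fix. The function name is my own; run it in an elevated PowerShell.

```powershell
# Added example (not from the thread or OTL). Read-only audit of the registry
# locations that the OTL fix lines O32, O33 and O3 rewrite. Nothing is changed.

function Get-AutoRunAudit {
    $findings = New-Object System.Collections.Generic.List[object]

    # O32 - HKLM CDRom: AutoRun   (1 = AutoRun enabled for optical drives)
    $cdromKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'
    $cdrom = Get-ItemProperty -Path $cdromKey -Name AutoRun -ErrorAction SilentlyContinue
    $state = if ($null -ne $cdrom) { $cdrom.AutoRun } else { '<not set>' }
    $findings.Add([pscustomobject]@{ Kind = 'Cdrom AutoRun'; Key = $cdromKey; Value = $state })

    # O33 - MountPoints2: per-volume keys Explorer caches for removable media.
    # A Shell\AutoRun\command default value (G:\INTEL\startspk.exe in the fix
    # script) is what Explorer would launch when that volume is opened.
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($vol in Get-ChildItem -Path $mp -ErrorAction SilentlyContinue) {
        $cmdKey = Join-Path -Path $mp -ChildPath "$($vol.PSChildName)\Shell\AutoRun\command"
        if (Test-Path -Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            $findings.Add([pscustomobject]@{ Kind = 'MountPoints2 AutoRun'; Key = $vol.PSChildName; Value = $cmd })
        }
    }

    # O3 - HKLM\..\Toolbar: IE toolbar registrations. OTL labels the native
    # 64-bit view "O3:64bit" and the Wow6432Node (32-bit) view plain "O3".
    $toolbarKeys = @(
        'HKLM:\Software\Microsoft\Internet Explorer\Toolbar',
        'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
    )
    foreach ($tb in $toolbarKeys) {
        if (-not (Test-Path -Path $tb)) { continue }
        foreach ($p in (Get-ItemProperty -Path $tb).PSObject.Properties) {
            # PSPath, PSParentPath, PSChildName, PSDrive, PSProvider are provider metadata, not registry values
            if ($p.Name -like 'PS*') { continue }
            $findings.Add([pscustomobject]@{ Kind = 'IE Toolbar'; Key = $tb; Value = "$($p.Name) = $($p.Value)" })
        }
    }

    return $findings
}

# Print the audit; save the output before running the fix and again afterwards to compare.
Get-AutoRunAudit | Format-Table -AutoSize -Wrap
```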
15.04.2011, 14:42 | #5 |
| TR/Crypt.ZPACK.Gen - what to do? Done:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81804919-5bd0-11e0-b602-00266ca7d88c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81804919-5bd0-11e0-b602-00266ca7d88c}\ not found.
File G:\INTEL\startspk.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: AA
->Temp folder emptied: 34436843 bytes
->Temporary Internet Files folder emptied: 145139337 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 62904 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4235191 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 175,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04152011_153530
Files\Folders moved on Reboot...
C:\Users\AA\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot... |
15.04.2011, 15:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen - what to do? Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection has left you unable to access Documents/My Files, please run unhide: download unhide.exe and save the file on your desktop. Start the tool and all files and folders should become visible again. (This could take a while.) Vista and 7 users must run the tool as administrator via right-click! |
15.04.2011, 16:35 | #7 |
| TR/Crypt.ZPACK.Gen - what to do? Done:
2011/04/15 17:30:50.0256 5596 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/15 17:30:50.0271 5596 ================================================================================
2011/04/15 17:30:50.0271 5596 SystemInfo:
2011/04/15 17:30:50.0271 5596
2011/04/15 17:30:50.0271 5596 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/15 17:30:50.0271 5596 Product type: Workstation
2011/04/15 17:30:50.0271 5596 ComputerName: AA-TOSH
2011/04/15 17:30:50.0271 5596 UserName: AA
2011/04/15 17:30:50.0271 5596 Windows directory: C:\Windows
2011/04/15 17:30:50.0271 5596 System windows directory: C:\Windows
2011/04/15 17:30:50.0271 5596 Running under WOW64
2011/04/15 17:30:50.0271 5596 Processor architecture: Intel x64
2011/04/15 17:30:50.0271 5596 Number of processors: 4
2011/04/15 17:30:50.0271 5596 Page size: 0x1000
2011/04/15 17:30:50.0271 5596 Boot type: Normal boot
2011/04/15 17:30:50.0271 5596 ================================================================================
2011/04/15 17:30:50.0661 5596 Initialize success
2011/04/15 17:30:54.0780 5008 ================================================================================
2011/04/15 17:30:54.0780 5008 Scan started
2011/04/15 17:30:54.0780 5008 Mode: Manual;
2011/04/15 17:30:54.0780 5008 ================================================================================
2011/04/15 17:30:56.0106 5008 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/15 17:30:56.0230 5008 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/15 17:30:56.0340 5008 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/15 17:30:56.0480 5008 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/15 17:30:56.0589 5008 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
(d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/15 17:31:04.0389 5008 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2011/04/15 17:31:04.0436 5008 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/04/15 17:31:04.0467 5008 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/15 17:31:04.0530 5008 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/04/15 17:31:04.0623 5008 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/15 17:31:04.0686 5008 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/15 17:31:04.0748 5008 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/15 17:31:04.0810 5008 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys 2011/04/15 17:31:04.0873 5008 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/04/15 17:31:04.0935 5008 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/04/15 17:31:04.0982 5008 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/04/15 17:31:05.0044 5008 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/04/15 17:31:05.0122 5008 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/15 17:31:05.0169 5008 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/15 17:31:05.0216 5008 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/04/15 17:31:05.0278 5008 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/04/15 17:31:05.0341 5008 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/15 
17:31:05.0388 5008 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/04/15 17:31:05.0434 5008 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/04/15 17:31:05.0481 5008 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/04/15 17:31:05.0590 5008 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/15 17:31:05.0684 5008 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/04/15 17:31:05.0809 5008 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/04/15 17:31:05.0856 5008 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/15 17:31:05.0934 5008 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/15 17:31:05.0965 5008 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/15 17:31:06.0012 5008 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/04/15 17:31:06.0058 5008 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/15 17:31:06.0090 5008 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/15 17:31:06.0230 5008 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/04/15 17:31:06.0277 5008 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/04/15 17:31:06.0339 5008 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/15 17:31:06.0417 5008 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 2011/04/15 17:31:06.0511 5008 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/04/15 17:31:06.0573 5008 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/04/15 
17:31:06.0636 5008 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 2011/04/15 17:31:06.0682 5008 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/04/15 17:31:06.0729 5008 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/15 17:31:06.0838 5008 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/04/15 17:31:06.0901 5008 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/04/15 17:31:06.0948 5008 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/04/15 17:31:06.0994 5008 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2011/04/15 17:31:07.0057 5008 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/04/15 17:31:07.0104 5008 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/04/15 17:31:07.0166 5008 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/04/15 17:31:07.0291 5008 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys 2011/04/15 17:31:07.0447 5008 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/15 17:31:07.0478 5008 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/04/15 17:31:07.0540 5008 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/15 17:31:07.0618 5008 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/04/15 17:31:07.0696 5008 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/04/15 17:31:07.0728 5008 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/15 17:31:07.0759 5008 RasAcd (5a0da8ad5762fa2d91678a8a01311704) 
C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/15 17:31:07.0852 5008 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/04/15 17:31:07.0899 5008 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/15 17:31:07.0930 5008 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/15 17:31:07.0977 5008 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/15 17:31:08.0024 5008 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/15 17:31:08.0055 5008 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/04/15 17:31:08.0102 5008 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/15 17:31:08.0149 5008 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/15 17:31:08.0227 5008 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/04/15 17:31:08.0274 5008 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/04/15 17:31:08.0336 5008 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys 2011/04/15 17:31:08.0461 5008 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/15 17:31:08.0523 5008 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys 2011/04/15 17:31:08.0570 5008 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/04/15 17:31:08.0710 5008 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/04/15 17:31:08.0835 5008 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/04/15 17:31:08.0929 5008 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/04/15 17:31:08.0976 5008 
Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/04/15 17:31:09.0022 5008 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/04/15 17:31:09.0100 5008 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/04/15 17:31:09.0163 5008 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/04/15 17:31:09.0210 5008 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/04/15 17:31:09.0256 5008 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/04/15 17:31:09.0334 5008 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/04/15 17:31:09.0397 5008 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/04/15 17:31:09.0475 5008 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/04/15 17:31:09.0553 5008 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/04/15 17:31:09.0646 5008 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 2011/04/15 17:31:09.0646 5008 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 602884696850c86434530790b110e8eb 2011/04/15 17:31:09.0646 5008 sptd - detected Locked file (1) 2011/04/15 17:31:09.0709 5008 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys 2011/04/15 17:31:09.0771 5008 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/15 17:31:09.0818 5008 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/15 17:31:09.0880 5008 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/04/15 17:31:09.0943 5008 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/15 17:31:10.0068 5008 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys 2011/04/15 17:31:10.0192 5008 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/04/15 17:31:10.0348 5008 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/15 17:31:10.0426 5008 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/15 17:31:10.0504 5008 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys 2011/04/15 17:31:10.0551 5008 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/04/15 17:31:10.0582 5008 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/04/15 17:31:10.0676 5008 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/15 17:31:10.0738 5008 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/15 17:31:11.0035 5008 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\Windows\system32\DRIVERS\tosrfec.sys 2011/04/15 17:31:11.0160 5008 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/15 17:31:11.0238 5008 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/15 
17:31:11.0300 5008 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS 2011/04/15 17:31:11.0347 5008 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys 2011/04/15 17:31:11.0378 5008 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/04/15 17:31:11.0425 5008 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/15 17:31:11.0487 5008 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/04/15 17:31:11.0550 5008 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/15 17:31:11.0596 5008 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/04/15 17:31:11.0659 5008 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/15 17:31:11.0706 5008 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/04/15 17:31:11.0737 5008 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/15 17:31:11.0799 5008 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/15 17:31:11.0846 5008 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/04/15 17:31:11.0877 5008 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/15 17:31:11.0908 5008 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/15 17:31:11.0940 5008 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/15 17:31:12.0018 5008 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys 2011/04/15 17:31:12.0158 5008 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/04/15 17:31:12.0205 5008 vga (da4da3f5e02943c2dc8c6ed875de68dd) 
C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/15 17:31:12.0252 5008 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/04/15 17:31:12.0298 5008 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/04/15 17:31:12.0345 5008 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/04/15 17:31:12.0408 5008 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/04/15 17:31:12.0454 5008 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/04/15 17:31:12.0517 5008 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/04/15 17:31:12.0595 5008 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/04/15 17:31:12.0642 5008 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/04/15 17:31:12.0720 5008 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/04/15 17:31:12.0829 5008 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/04/15 17:31:12.0891 5008 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/15 17:31:12.0922 5008 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/15 17:31:13.0032 5008 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/04/15 17:31:13.0094 5008 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/15 17:31:13.0281 5008 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/04/15 17:31:13.0328 5008 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/04/15 17:31:13.0484 5008 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/04/15 17:31:13.0593 5008 ws2ifsl 
(6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/15 17:31:13.0702 5008 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/04/15 17:31:13.0765 5008 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/15 17:31:13.0858 5008 ================================================================================ 2011/04/15 17:31:13.0858 5008 Scan finished 2011/04/15 17:31:13.0858 5008 ================================================================================ 2011/04/15 17:31:13.0874 5204 Detected object count: 1 2011/04/15 17:31:53.0295 5204 Locked file(sptd) - User select action: Skip |
15.04.2011, 18:11 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen - what to do? SPTD is OK. Now please run CF: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when a board expert has explicitly recommended it!
__________________ Please always post log files in CODE tags |
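The TDSSKiller run above ends with a single finding, "Locked file (sptd)", and the reply waves it through. "Suspicious file (NoAccess)" and "detected Locked file" mean the scanner could not read the driver, not that it is malicious, so the reviewer has to settle the question with other evidence. The script below is an added example, not a tool anyone in this thread used: it parses a TDSSKiller log for locked drivers, looks each one up in the "files created" section of the ComboFix log posted later in the thread, and lists what else was created within two minutes of it, so the driver's origin is visible at a glance (sptd.sys lands one minute after the DAEMON Tools Lite folder, and SPTD is the disk-emulation driver that DAEMON Tools ships). The sample lines are excerpted from the two logs in this thread; the two-minute window and the output layout are my choices.

```python
"""Triage helper for TDSSKiller and ComboFix logs (added example, not from this thread)."""
import re
from datetime import datetime, timedelta

# TDSSKiller driver entry:
#   2011/04/15 17:31:09.0646 5008 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
DRIVER_RE = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>[A-Za-z]:\\\S+)"
)
# "Suspicious file (NoAccess): C:\...\sptd.sys." - reason plus path, trailing dot dropped
SUSPICIOUS_RE = re.compile(r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>\S+?)\.?(?=\s|$)")
# "sptd - detected Locked file (1)"
LOCKED_RE = re.compile(r"(?P<name>\S+) - detected Locked file")

# ComboFix "files created" entry, one per line:
#   2011-03-31 19:52 . 2011-03-31 19:52 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
CF_CREATED_RE = re.compile(
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)


def parse_tdsskiller(text):
    """Return (drivers by service name, suspicious reason by lower-cased path, set of locked names).

    Uses finditer over the whole text, so it also copes with a log that a forum
    or extractor has run together onto one line.
    """
    drivers = {m["name"]: m.groupdict() for m in DRIVER_RE.finditer(text)}
    suspicious = {m["path"].lower(): m["reason"] for m in SUSPICIOUS_RE.finditer(text)}
    locked = set(LOCKED_RE.findall(text))
    return drivers, suspicious, locked


def parse_combofix_created(text):
    """Return the entries of ComboFix's 'files created' section, in log order."""
    entries = []
    for line in text.splitlines():
        m = CF_CREATED_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["when"] = datetime.strptime(entry["created"], "%Y-%m-%d %H:%M")
            entries.append(entry)
    return entries


def installed_alongside(entries, anchor, window=timedelta(minutes=2)):
    """Paths created within `window` of `anchor`, excluding the anchor itself."""
    return [e["path"] for e in entries
            if e is not anchor and abs(e["when"] - anchor["when"]) <= window]


def triage(tdss_text, combofix_text):
    """One finding per locked driver: hash, reason, creation time and what arrived with it."""
    drivers, suspicious, locked = parse_tdsskiller(tdss_text)
    created = parse_combofix_created(combofix_text)
    findings = []
    for name in sorted(locked):
        drv = drivers.get(name, {})
        path = drv.get("path")
        finding = {"driver": name, "path": path, "md5": drv.get("md5"),
                   "reason": suspicious.get(path.lower()) if path else None,
                   "installed": None, "installed_with": []}
        if path:
            base = path.rsplit("\\", 1)[-1].lower()
            for entry in created:  # join on the bare file name, case-insensitively
                if entry["path"].rsplit("\\", 1)[-1].lower() == base:
                    finding["installed"] = entry["created"]
                    finding["installed_with"] = installed_alongside(created, entry)
                    break
        findings.append(finding)
    return findings


# Sample input: lines excerpted from the two logs posted in this thread.
TDSS_SAMPLE = r"""
2011/04/15 17:31:09.0553 5008 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/15 17:31:09.0646 5008 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/04/15 17:31:09.0646 5008 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/04/15 17:31:09.0646 5008 sptd - detected Locked file (1)
2011/04/15 17:31:09.0709 5008 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/04/15 17:31:13.0874 5204 Detected object count: 1
2011/04/15 17:31:53.0295 5204 Locked file(sptd) - User select action: Skip
"""

COMBOFIX_SAMPLE = r"""
2011-03-31 19:57 . 2011-03-31 19:57 -------- d-----w- c:\program files (x86)\Dassault Systemes
2011-03-31 19:56 . 2011-03-31 19:57 -------- d-----w- c:\programdata\DassaultSystemes
2011-03-31 19:52 . 2011-03-31 19:52 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-31 19:51 . 2011-03-31 19:51 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-03-31 19:29 . 2011-03-04 12:36 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
"""

if __name__ == "__main__":
    for f in triage(TDSS_SAMPLE, COMBOFIX_SAMPLE):
        print(f"{f['driver']}: {f['path']} md5={f['md5']} ({f['reason']})")
        print(f"  created {f['installed']}, alongside: {f['installed_with']}")
```

The join is on the bare file name because TDSSKiller prints the path with Windows' mixed case (`Drivers\sptd.sys`) while ComboFix lower-cases it. A locked driver whose creation time lines up with a known product install is the cheap explanation; a locked driver with no ComboFix entry, or one that appeared on its own in `system32\drivers` at the time of the infection, is the one to pull for a hash lookup.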
15.04.2011, 20:23 | #9 |
| TR/Crypt.ZPACK.Gen - what to do? That is done too. ComboFix log file: Code:
ComboFix 11-04-14.03 - AA 15.04.2011 21:03:43.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3959.2625 [GMT 2:00]
Run from:: c:\users\AA\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Files created from 2011-03-15 to 2011-04-15 ))))))))))))))))))))))))))))))
.
.
2011-04-15 19:08 . 2011-04-15 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-15 15:55 . 2011-04-15 15:55 -------- d-----w- C:\TDSSKiller_Quarantine
2011-04-15 12:15 . 2011-03-23 08:11 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B92A1D0-3B55-4D02-B25E-D2AEA4E05980}\mpengine.dll
2011-04-15 11:58 . 2011-04-15 11:58 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-04-15 11:57 . 2011-04-15 11:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-15 11:57 . 2011-04-15 11:57 -------- d-----w- c:\program files (x86)\Java
2011-04-15 11:08 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-04-15 11:08 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-04-15 11:08 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-04-15 11:08 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-04-15 11:08 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-04-15 03:31 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-15 03:31 . 2011-04-15 03:31 -------- d-----w- c:\programdata\Malwarebytes
2011-04-15 03:31 . 2011-04-15 03:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-15 03:31 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-15 00:31 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-11 15:52 . 2011-04-11 15:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-11 15:52 . 2011-04-11 15:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-04-08 15:12 . 2011-04-08 15:12 -------- d-----w- c:\programdata\TOSHIBA Tempro
2011-04-08 15:12 . 2011-04-08 15:12 -------- d-----w- c:\programdata\IsolatedStorage
2011-04-03 11:59 . 2011-04-03 11:55 57696588 ----a-w- c:\windows\MAHLE_ScreenSaver.scr
2011-04-01 11:21 . 2011-02-02 16:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-03-31 20:40 . 2011-03-31 20:40 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-03-31 20:39 . 2011-03-31 20:39 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-03-31 20:38 . 2011-03-31 20:38 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-03-31 20:38 . 2011-03-31 20:38 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-03-31 20:37 . 2011-03-31 20:42 -------- d-----w- c:\programdata\Microsoft Help
2011-03-31 20:37 . 2011-03-31 20:37 -------- d-----r- C:\MSOCache
2011-03-31 19:57 . 2011-03-31 19:57 -------- d-----w- c:\program files (x86)\Dassault Systemes
2011-03-31 19:56 . 2011-03-31 19:57 -------- d-----w- c:\programdata\DassaultSystemes
2011-03-31 19:52 . 2011-03-31 19:52 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-31 19:51 . 2011-03-31 19:51 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-03-31 19:29 . 2011-03-04 12:36 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-31 19:29 . 2011-03-04 12:36 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-31 19:29 . 2011-03-31 19:29 -------- d-----w- c:\programdata\Avira
2011-03-31 19:29 . 2011-03-31 19:29 -------- d-----w- c:\program files (x86)\Avira
2011-03-31 17:05 . 2011-03-31 20:39 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-03-31 06:02 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-31 06:02 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-31 06:00 . 2011-03-31 06:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-03-31 05:59 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-03-31 05:59 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-03-31 05:59 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-31 05:59 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-03-31 05:59 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-03-31 05:59 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-03-31 05:59 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-31 05:59 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-03-31 05:59 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-31 05:59 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-03-31 05:59 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-30 12:56 . 2011-03-30 12:56 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
2011-03-30 12:41 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
2011-03-29 15:15 . 2011-03-29 15:15 -------- d-----w- c:\programdata\ToshibaEurope
2011-03-29 15:15 . 2011-03-29 15:24 -------- d-----w- c:\users\AA
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 05:54 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-23 21:46 . 2011-01-23 21:46 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-01-23 21:46 . 2011-01-23 21:46 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-01-23 21:46 . 2011-01-23 21:46 3891200 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2011-01-23 21:46 . 2011-01-23 21:46 3555840 ----a-w- c:\windows\system32\bcmihvui64.dll
2011-01-23 21:46 . 2011-01-23 21:46 3058168 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe" [2010-03-04 243032]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-02 1234216]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - Removed orphaned registry entries - - - -
.
Wow6432Node-HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-04-15 21:11:24 ComboFix-quarantined-files.txt 2011-04-15 19:11 . Vor Suchlauf: 9 Verzeichnis(se), 205.158.961.152 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 204.447.891.456 Bytes frei . - - End Of File - - 476713070AE1B9D1C0EAFEEF958C3FA5 |
15.04.2011, 20:59 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen - was tun?
Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out.
Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags
15.04.2011, 22:18 | #11 |
| TR/Crypt.ZPACK.Gen - was tun? GMER logfile: Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-15 23:16:48
Windows 6.1.7600
Running: zikchyjt.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xF5 0xE5 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xF5 0xE5 0x24 ...
---- EOF - GMER 1.0.15 ----
16.04.2011, 11:33 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen - was tun? And the one from MBRCheck?
16.04.2011, 12:23 | #13 |
| TR/Crypt.ZPACK.Gen - was tun? Oops... I had completely forgotten that...
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L650
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 195):
Processes (total 83):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`19100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003a`47800000 (NTFS)
PhysicalDrive0 Model Number: ST9500325AS, Rev: 0001TSM1
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
16.04.2011, 14:11 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen - was tun? Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
16.04.2011, 23:40 | #15 |
| TR/Crypt.ZPACK.Gen - was tun? Here:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6375
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
16.04.2011 20:53:09
mbam-log-2011-04-16 (20-53-09).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 416758
Laufzeit: 58 Minute(n), 16 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com
Generiert 04/16/2011 bei 11:56 PM
Version der Applikation : 4.50.1002
Version der Kern-Datenbank : 6854
Version der Spur-Datenbank : 4666
Scan Art : kompletter Scann
Totale Scann-Zeit : 02:40:52
Gescannte Speicherelemente : 838
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 13982
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 256840
Erfasste Datei-Elemente : 0