Pests of all kinds and how to fight them: TR/Crypt.ZPACK.Gen found by Avira AntiVir Personal - what do I do now? (Windows 7)
30.11.2010, 16:46 | #1
Hello, since yesterday I keep getting the following message from Avira AntiVir Personal:

Quote:

AntiVir shows me the following report:

Quote:

If any questions come up about this, I'll post here again.
30.11.2010, 18:35 | #2
I have now installed Malwarebytes and run it (I have to continue here as a reply, I couldn't find an edit button).

The following report came out of it:

Quote:

The OTL log files are the following:

OTL Logfile: Code:
OTL Extras logfile created on: 30.11.2010 17:38:01 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,67 Gb Total Space | 2,40 Gb Free Space | 6,93% Space Free | Partition Type: NTFS
Drive D: | 30,09 Gb Total Space | 8,53 Gb Free Space | 28,35% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1989BD3F-B622-4C20-B5A3-BB096A183762}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{32B4D375-2DA0-4C96-BAC4-67B28AF62F57}" = lport=2869 | protocol=6 | dir=in | app=system | "{48B75604-ADBB-439D-BB46-D4EA1CAF9E0E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04F5543F-6882-4662-8F8E-7E76BE88D62B}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{0B3E855D-EF32-4154-AB66-511B46ED1FAB}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{13EC6FAD-8525-42EB-A6CE-02FFC8D02A46}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{1813AC8A-5EA2-49F8-BB01-F591886ACB2C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{2130012F-218E-42CF-9113-7203FA32D0D9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{24F4C828-33CF-4983-B18F-7318B56CB05B}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | "{2A74DB8F-E330-4676-8B5A-B21C6B9F1DF9}" = protocol=17 | 
dir=in | app=c:\program files\rapidsolution\rs audials one\tunebite\tunebitehelper.exe | "{309C99CB-8C58-451D-BBB5-50135F34550A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{319E8DAC-9A2D-4358-AACE-FFEFAF589BFD}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | "{3E6548D3-6694-45B7-9F3C-250BC800EC72}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{48C02FCC-9272-49D8-AD52-BA33678B88E5}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{496C5AFD-816D-4FDA-B8E4-E3FE41FAF9EC}" = dir=in | app=c:\program files\itunes\itunes.exe | "{49EFC1E8-574A-4C93-BD18-5B6B4E4AD4B9}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | "{4C53CD3B-D8F0-4F4E-B7F4-006A3D3C55AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4D72EEDA-CF63-4411-AD15-D72FDB56741F}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | "{52963725-08E4-4159-9B4F-7B7AC5CD4EDD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | "{553FF193-1F23-45C0-9340-C2C3D64BB7E0}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | "{5B5E5D72-8139-40E2-92A2-F28844E4787A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | "{5D81E75C-B9E6-471D-B224-68C604BC020B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7F569E7B-40E0-4835-9B13-E1E9761DDFA8}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0-dede-downloader.exe | "{95C405C3-8BE9-4479-B8BB-660E0141DB59}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{A703EB69-ACE4-46DD-8853-FA7E54C6744C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{B0074290-2285-44E6-8329-4FD15F86E353}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | "{BB44E6B7-A8AD-45E9-AA98-48E758E4DE3C}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0-dede-downloader.exe | "{C1EEB4A3-D390-468B-8298-826C19E0BA69}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{C5022444-7DF6-4FFB-B9A1-8992B0890D40}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{C687CDCB-17D8-4156-B2FD-B727C4DE5BB9}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{D0E37001-93B0-430D-BD31-290CAB6C6E71}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{D2E99D38-45E6-4EAA-9D40-7ECF32806865}" = protocol=6 | dir=in | app=c:\program files\rapidsolution\rs audials one\tunebite\tunebitehelper.exe | "{D52668C3-BBF7-4B7C-9445-8AC95CA3D348}" = protocol=17 | dir=in | app=d:\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{D8FEEF5D-1B3C-4A21-83C6-4D3687AFA267}" = protocol=6 | dir=in | app=d:\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{EB6BDAB2-9CD2-4A4D-A125-51284470BBFB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{F96070F3-4963-4AB3-A822-5B436E2AD8EB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{1F131C31-ACA9-454F-88C9-C4F3FF392A4C}D:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | "TCP Query User{820B2B54-881B-4C2B-AB1A-C970FF362597}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | 
app=c:\program files\xfire\xfire.exe | "TCP Query User{91AA55C0-7F6D-45C9-B6BB-B5F22F8AEE91}C:\users\***\appdata\local\temp\blizzard launcher temporary - d6e04738\launcher.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - d6e04738\launcher.exe | "TCP Query User{94AA4F56-28CA-4ADD-8AA7-AF671CCC2DDF}C:\users\***\desktop\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\wow-dede-installer-downloader.exe | "TCP Query User{969A2D7D-2685-48FA-A00A-E3517614555C}C:\users\***\appdata\local\temp\blizzard launcher temporary - ed51aad0\launcher.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - ed51aad0\launcher.exe | "TCP Query User{9EE71B49-78CB-420D-B1BF-1A5F7740E5C8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{A153775F-E625-41EB-9FDC-17A33440550B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{AD0498A9-B415-4DC5-B3F0-976215BD2E03}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "TCP Query User{BB0B3562-643A-49D4-9465-3F2BBE99589C}C:\program files\hercules\classic link\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic link\station2.exe | "TCP Query User{D85C9811-622E-4B4F-BD13-935FC604FFBA}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | "TCP Query User{E0C10A8E-A425-4FDD-92A0-E50767720D4E}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{E2267D64-D23D-4004-8B0F-15E3A4BBC640}D:\world of warcraft\repair.exe" = protocol=6 | dir=in | app=d:\world of warcraft\repair.exe | "UDP Query 
User{066CD912-EC4C-4405-BB5D-C5350EC2A45C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{17A542E1-873B-473F-A768-D7EDFB004D2C}C:\program files\hercules\classic link\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic link\station2.exe | "UDP Query User{23B10C5D-42E0-4604-A3E6-8391CBC19F4D}C:\users\***\appdata\local\temp\blizzard launcher temporary - ed51aad0\launcher.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - ed51aad0\launcher.exe | "UDP Query User{643F0668-6123-4164-B38D-CEB089EF85A0}C:\users\***\appdata\local\temp\blizzard launcher temporary - d6e04738\launcher.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\blizzard launcher temporary - d6e04738\launcher.exe | "UDP Query User{7718E45A-E516-4680-9D2C-E608E9490713}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | "UDP Query User{83A5925B-8054-49A4-AC56-2B10BFB0BB25}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{9148BC20-3F9B-44E8-B785-D21D182F4F41}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{986C58C4-4233-4785-93CE-A39D1795E67C}D:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe | "UDP Query User{A6FBFB72-1686-4356-8DB5-D1DE1DC8B44A}D:\world of warcraft\repair.exe" = protocol=17 | dir=in | app=d:\world of warcraft\repair.exe | "UDP Query User{C0A19488-5689-4121-BCD5-0D62A54066C7}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query User{DD6FDCDB-5BD2-4ED3-94FC-444133672F60}C:\users\***\desktop\wow-dede-installer-downloader.exe" = 
protocol=17 | dir=in | app=c:\users\***\desktop\wow-dede-installer-downloader.exe | "UDP Query User{E71E297F-2A51-4EC7-8693-8290BB6A32DF}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22 "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent 
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{B04E79D2-1117-4463-AE89-7483F7E1AB5C}" = VS2005 Redistributable Package "{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CDex" = CDex extraction audio "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "GridVista" = Acer GridVista "Hattrick Organizer" = Hattrick Organizer (remove only) "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers. 
"LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Tobit Radio.fx Server" = Radio.fx "TVWiz" = Intel(R) TV Wizard "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "OpenOffice.org 1.1.1" = OpenOffice.org 1.1.1 "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 29.11.2010 16:24:39 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.11.2010 04:08:57 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.11.2010 04:08:57 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.11.2010 07:17:11 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.11.2010 07:17:11 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.11.2010 12:18:25 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.11.2010 12:18:25 | Computer Name = *** | 
Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.11.2010 12:20:45 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.11.2010 12:20:48 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.11.2010 12:36:12 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.17.3 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 39c Anfangszeit: 01cb90ab847f69cd Zeitpunkt der Beendigung: 172 [ System Events ] Error - 29.11.2010 04:06:44 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 29.11.2010 04:06:44 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 29.11.2010 16:24:21 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 29.11.2010 16:24:21 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 30.11.2010 04:08:41 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 30.11.2010 04:08:41 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 30.11.2010 07:16:56 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 30.11.2010 07:16:56 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 30.11.2010 12:18:01 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 30.11.2010 12:18:01 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = < End of report > OTL Logfile: Code:
OTL logfile created on: 30.11.2010 17:38:01 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,67 Gb Total Space | 2,40 Gb Free Space | 6,93% Space Free | Partition Type: NTFS
Drive D: | 30,09 Gb Total Space | 8,53 Gb Free Space | 28,35% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kutsche\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Kutsche\AppData\Local\Temp\SwAXsXfiIH.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\OpenOffice.org1.1.1\program\soffice.exe (OpenOffice.org)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\eNetHook.dll (acer)

========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Radio.fx) -- D:\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

========== Driver Services (SafeList) ==========

DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (odncvrym) -- C:\Windows\System32\drivers\odncvrym.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Programme\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://web.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/german IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Live Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.kapihospital.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Users/***/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_4b3e9eb0.pac" FF - prefs.js..network.proxy.no_proxies_on: "" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.04 12:21:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.04 12:21:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.04 12:21:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.11.04 12:21:10 | 000,000,000 | ---D | M] [2010.07.13 16:55:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.07.13 16:55:05 | 000,000,000 | ---D | M] 
(No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.11.30 12:30:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dbjfm6pf.default\extensions [2009.06.25 13:53:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dbjfm6pf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.04 19:35:24 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dbjfm6pf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009.02.25 09:09:29 | 000,001,632 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\dbjfm6pf.default\searchplugins\live-search.xml [2010.11.08 07:27:15 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.15 08:58:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.07 08:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.08 07:27:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.22 14:47:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.22 14:47:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.22 14:47:09 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.22 14:47:09 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.22 14:47:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\***\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe File not found O4 - HKCU..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) 
O4 - HKCU..\Run: [rfxsrvtray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKCU..\Run: [SwAXsXfiIH.exe] C:\Users\***\AppData\Local\Temp\SwAXsXfiIH.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 1.1.1.lnk = C:\Programme\OpenOffice.org1.1.1\program\quickstart.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img28.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img28.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM 
BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.30 17:26:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.30 16:56:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.11.30 16:56:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.30 16:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.30 16:55:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.30 16:55:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.09 17:39:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2010.11.09 06:16:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Unity [2010.11.08 07:26:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.11.08 07:26:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.11.08 07:26:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2010.11.04 12:27:53 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.11.04 12:27:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.11.04 12:13:28 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2007.07.19 15:59:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 30 Days ========== [2010.11.30 17:39:34 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.11.30 17:26:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.30 17:25:58 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.30 17:25:57 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.11.30 17:25:57 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.30 17:25:57 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.30 17:25:57 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.30 17:18:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.30 17:18:20 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.30 17:17:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.11.30 17:17:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.30 17:16:11 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms [2010.11.30 17:16:11 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf [2010.11.30 17:16:09 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.11.30 16:56:03 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.30 12:17:19 | 000,000,422 | -H-- | M] () -- 
C:\Windows\tasks\User_Feed_Synchronization-{0D4A7BC5-A621-4EE2-A5DC-8CDB76C59D7A}.job [2010.11.28 01:02:00 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.11 12:11:38 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.11.11 09:29:18 | 000,000,184 | ---- | M] () -- C:\Windows\System32\MRT.INI [2010.11.04 12:30:03 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.11.04 12:20:37 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk ========== Files Created - No Company Name ========== [2010.11.30 16:56:03 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.04 12:30:03 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.11.04 12:20:37 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.08.16 05:53:33 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat [2010.08.02 17:41:22 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2010.07.15 06:38:27 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.05.04 09:20:08 | 000,240,640 | ---- | C] () -- C:\Programme\verkleinerer17.exe [2010.04.25 16:07:04 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.01.18 09:27:53 | 000,000,184 | ---- | C] () -- C:\Windows\System32\MRT.INI [2009.09.15 01:08:34 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2009.08.19 06:52:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.19 06:51:49 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009.07.06 11:49:13 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.INI [2009.07.05 11:19:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.06.18 12:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll [2008.05.30 09:36:05 | 000,060,124 | ---- | C] () -- 
C:\Windows\System32\tcpmon.ini [2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll [2008.01.02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008.01.02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008.01.02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008.01.02 16:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.10.22 08:22:59 | 000,000,022 | ---- | C] () -- C:\ProgramData\C9B086CE-4A3B-11DB-8373-B622A1EF5492 [2007.09.15 22:30:10 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.09.01 14:30:55 | 000,000,083 | ---- | C] () -- C:\Users\***\AppData\Roaming\sversion.ini [2007.09.01 11:03:14 | 000,028,160 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.08.23 17:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.08.17 14:52:07 | 006,291,456 | -H-- | C] () -- C:\Users\***\AppData\Local\IconCache.db [2007.08.17 14:30:47 | 000,102,752 | ---- | C] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2007.07.25 22:41:38 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.07.25 22:41:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll [2007.07.25 13:08:42 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.07.25 13:08:42 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.07.25 13:06:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.07.20 02:55:49 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.07.20 00:57:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.07.19 15:59:54 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.06.19 14:25:08 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631 [2007.04.25 
15:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 15:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 15:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 15:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 15:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 15:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2007.04.20 11:36:52 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2007.04.20 11:36:52 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2007.04.20 11:36:52 | 000,000,041 | ---- | C] () -- C:\Windows\PreLaunch.ini [2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.02 13:48:00 | 000,000,174 | -HS- | C] () -- C:\Programme\desktop.ini [2006.11.02 11:33:01 | 001,445,116 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006.11.02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006.11.02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006.11.02 11:23:31 | 000,000,128 | ---- | C] () -- C:\Windows\win.ini [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006.11.02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006.11.02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006.11.02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006.11.02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006.11.02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006.11.02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006.11.02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS 
[2006.11.02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006.11.02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006.11.02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006.11.02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006.11.02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006.11.02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006.11.02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006.11.02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.03.03 13:27:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acreon [2008.05.10 13:09:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Imperium Romanum [2008.12.24 14:55:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MobMapUpdater [2010.08.10 10:48:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut [2008.12.18 13:04:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2008.12.18 12:55:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2007.10.22 09:21:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RTPlayer [2010.07.13 16:55:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.08.02 17:42:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit [2010.01.02 05:29:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunebite [2010.11.30 17:16:29 | 000,032,534 | ---- | M] 
() -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.30 12:17:19 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0D4A7BC5-A621-4EE2-A5DC-8CDB76C59D7A}.job
========== Purity Check ==========
< End of report >

I had both of those logs when the scan finished, but I don't know whether these are now both the right ones, since OTL aborted once. If you need any further details from me, please tell me (and also how and where I find them, I'm a PC blonde after all). I hope you can help me, and thank you in advance for your efforts.

PS: That reminds me of another question: I go online via WLAN. While producing the files mentioned above I had closed the browser (Firefox), but I don't know whether the connection was cut as well; I hadn't changed any other setting. If I'm supposed to cut the connection, how do I do that? Can I simply disable it via the Control Panel? I think I saw something there.
03.12.2010, 10:55 | #3
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:

As a matter of routine, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
03.12.2010, 17:40 | #4 | |
Hello cosinus, many thanks for the reply. During the full scan I got a new virus alert from Antivir (the beast that is now shown here in the new report).
Quote:

There are no other malware reports (apart from the one in my previous post). Many thanks and kind regards, Delphina
03.12.2010, 21:20 | #5
/// Winkelfunktion /// TB-Süch-Tiger™
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Note: If you have obscured your user name, you must change the asterisked part back into your real user name, otherwise the script will not work!!

Code:
:OTL
PRC - C:\Users\Kutsche\AppData\Local\Temp\SwAXsXfiIH.exe ()
DRV - (odncvrym) -- C:\Windows\System32\drivers\odncvrym.sys File not found
O4 - HKLM..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\***\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe File not found
O4 - HKCU..\Run: [SwAXsXfiIH.exe] C:\Users\***\AppData\Local\Temp\SwAXsXfiIH.exe ()
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post logfiles in CODE tags
04.12.2010, 17:04 | #6
Hello cosinus, I have now run that; the computer was restarted and the following logfile appeared:
Quote:

I also have to say thanks for the good explanations; even I as a PC dunce can cope with them fine. Kind regards, Delphina
04.12.2010, 18:35 | #7
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix

ComboFix may only be run when a qualified helper has expressly recommended it!
04.12.2010, 18:58 | #8
Thanks for the quick reply, cosinus. I have now read through the instructions. Do I understand this correctly:
1. only download ComboFix
2. then work through the CCleaner system cleanup
3. and only then start ComboFix
In that order? I'd rather ask again just to be safe. I think this will take a bit longer, so I won't be able to get to it until tomorrow afternoon at the earliest, or on Monday, since I'm currently working night shifts and accordingly have to sleep during the day. Kind regards and a happy second Sunday of Advent, Delphina
04.12.2010, 19:00 | #9
/// Winkelfunktion /// TB-Süch-Tiger™
Yes, that is correct. CCleaner first, then CF.
06.12.2010, 16:05 | #10
Hello cosinus, I have now completed the last steps you recommended (it went faster than I thought after all). Here is the ComboFix text:

ComboFix Logfile:
Code:
ATTFilter ComboFix 10-12-04.06 - *** 06.12.2010 14:55:50.1.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.2038.1118 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\cofi.exe SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . ((((((((((((((((((((((( Dateien erstellt von 2010-11-06 bis 2010-12-06 )))))))))))))))))))))))))))))) . 2010-12-06 14:16 . 2010-12-06 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-06 13:34 . 2010-12-06 13:34 -------- d-----w- c:\program files\CCleaner 2010-12-04 15:19 . 2010-12-04 15:19 -------- d-----w- C:\_OTL 2010-12-03 08:14 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E408B74-A7C5-45ED-9DCD-93C117554FD7}\mpengine.dll 2010-11-30 15:56 . 2010-11-30 15:56 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2010-11-30 15:56 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-30 15:55 . 2010-11-30 15:55 -------- d-----w- c:\programdata\Malwarebytes 2010-11-30 15:55 . 2010-12-03 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-30 15:55 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-10 15:26 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2010-11-09 16:39 . 2010-11-09 16:39 -------- d-----w- c:\users\***\AppData\Roaming\Avira 2010-11-09 05:16 . 2010-11-09 05:16 -------- d-----w- c:\users\***\AppData\Local\Unity . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-28 00:02 . 2009-03-18 08:35 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-10-19 09:41 . 2009-10-03 08:59 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-17 22:28 . 2007-07-19 14:13 319456 ----a-w- c:\windows\DIFxAPI.dll 2010-09-15 03:50 . 
2010-04-15 07:58 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-13 13:56 . 2010-10-13 14:34 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-09-08 17:23 . 2010-10-13 14:34 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-09-08 17:07 . 2010-10-13 14:34 834048 ----a-w- c:\windows\system32\wininet.dll 2010-09-08 15:23 . 2010-10-13 14:34 389632 ----a-w- c:\windows\system32\html.iec 2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-05-04 08:20 . 2010-05-04 08:20 240640 ----a-w- c:\program files\verkleinerer17.exe 2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056] "Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920] "rfxsrvtray"="d:\tobit radio.fx\Client\rfx-tray.exe" [2010-01-13 686344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976] c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 1.1.1.lnk - 
c:\program files\OpenOffice.org1.1.1\program\quickstart.exe [2004-3-2 61440] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-19 535336] Radio.fx.LNK - d:\tobit radio.fx\Client\rfx-client.exe [2010-8-2 6808840] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\eNetHook.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712] R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2008-02-27 98432] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336] S2 Radio.fx;Radio.fx Server;d:\tobit radio.fx\Server\rfx-server.exe [2010-06-24 2450696] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-22 5120] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA 
DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] 2008-02-25 09:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners 2010-12-05 c:\windows\Tasks\User_Feed_Synchronization-{0D4A7BC5-A621-4EE2-A5DC-8CDB76C59D7A}.job - c:\windows\system32\msfeedssync.exe [2008-05-30 07:33] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://mystart.incredimail.com/german uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://de.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\dbjfm6pf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.kapihospital.de/ FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Extension: Java Console: 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\dbjfm6pf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\dbjfm6pf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-12-06 15:16 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(652) c:\windows\system32\eNetHook.dll - - - - - - - > 'lsass.exe'(576) c:\windows\system32\eNetHook.dll - - - - - - - > 'Explorer.exe'(3896) c:\windows\system32\MsnChatHook.dll c:\windows\system32\ShowErrMsg.dll c:\windows\system32\sysenv.dll c:\windows\system32\BatchCrypto.dll c:\windows\system32\CryptoAPI.dll c:\windows\system32\keyManager.dll . Zeit der Fertigstellung: 2010-12-06 15:21:09 ComboFix-quarantined-files.txt 2010-12-06 14:20 Vor Suchlauf: 2.619.523.072 Bytes frei Nach Suchlauf: 2.582.884.352 Bytes frei - - End Of File - - FB530C6C25350BD79571D2DBFEC7D055
I still have a few questions and remarks for you:
1. During the ComboFix scan I got a message saying that PEV.cfxxe was faulty and not responding.
2. Is it normal that I couldn't do anything after ComboFix finished? I kept getting a message that a registry key had been deleted, or something like that (I didn't memorize the exact wording); after restarting the laptop everything ran normally.
3. I assume it is as intended that I re-enabled Avira and the firewall before going back online here.
That's it from me for now, what is the next step?
Kind regards
Delphina |
06.12.2010, 18:55 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, that is quite normal with CF, it can happen. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
06.12.2010, 21:35 | #12 |
| Here is the GMER file: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2010-12-06 21:29:39 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SB2O Running: 947hgke3.exe; Driver: C:\Users\***\AppData\Local\Temp\kfldypow.sys ---- Kernel code sections - GMER 1.0.15 ---- .reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xAB32B480, 0x306DD, 0xE0000060] ---- User code sections - GMER 1.0.15 ---- .text D:\Tobit Radio.fx\Server\rfx-server.exe[2228] kernel32.dll!SetUnhandledExceptionFilter 77C1A84F 5 Bytes JMP 0046F3C0 D:\Tobit Radio.fx\Server\rfx-server.exe .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2520] USER32.dll!SetScrollRange 7726D185 5 Bytes JMP 10064D50 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2520] USER32.dll!GetSysColorBrush 7726E21C 5 Bytes JMP 10057E50 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2520] USER32.dll!GetScrollInfo 7726F073 7 Bytes JMP 10064C20 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2520] USER32.dll!ShowScrollBar 7726F8AE 5 Bytes JMP 10064DA0 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2520] USER32.dll!SetScrollInfo 772771D8 7 Bytes JMP 10064CD0 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2520] USER32.dll!GetSysColor 77279BF6 5 Bytes JMP 10057E10 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2520] USER32.dll!DrawFrameControl 7728676D 7 Bytes JMP 10056B80 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2520] USER32.dll!EnableScrollBar 7728AF53 7 Bytes JMP 10064BE0 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2520] USER32.dll!GetScrollPos 7729337D 5 Bytes JMP 10064C60 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2520] USER32.dll!GetScrollRange 772934A5 5 Bytes 
JMP 10064C90 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2520] USER32.dll!SetScrollPos 77293602 5 Bytes JMP 10064D10 D:\Tobit Radio.fx\Client\TOBITCLT.dll ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----
I'm now moving on to the next step |
06.12.2010, 22:09 | #13 |
| So, here are the other two files: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:56:19 on 06.12.2010 OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.12 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "acer" - C:\Windows\System32\eNetHook.dll [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "camfilt2" (camfilt2) - "Guillemot Corporation" - C:\Windows\System32\DRIVERS\camfilt2.sys "catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found) "DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys "Hercules Classic Link" (PAC7302) - "PixArt Imaging Inc." - C:\Windows\System32\DRIVERS\PAC7302.SYS "int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? 
- C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kfldypow" (kfldypow) - ? - C:\Users\***\AppData\Local\Temp\kfldypow.sys (Hidden registry entry, rootkit activity | File not found) "PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys "PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys "psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys "Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\Windows\System32\drivers\RTKVHDA.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys "upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys (File not found) "{95808DC4-FA4A-4c74-92FE-5B863F82066B}" ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Program Files\CyberLink\PowerDVD\000.fcl [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} "PixiePack Codec Pack 0.10.6.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe (File found, but it contains no detailed information) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll (File not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org1.1.1\program\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Windows\system32\ActiveToolBand.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 1.1.1.lnk" - ? - C:\Program Files\OpenOffice.org1.1.1\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Adobe Reader Speed Launch.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Empowering Technology Launcher.lnk" - "Acer Inc." 
- C:\Acer\Empowering Technology\eAPLauncher.exe (Shortcut exists | File exists) "Radio.fx.LNK" - "Tobit.Software" - D:\Tobit Radio.fx\Client\rfx-client.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Acer Tour Reminder" - "Acer Inc." - C:\Acer\AcerTour\Reminder.exe "MsnMsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background "rfxsrvtray" - "Tobit.Software" - "D:\Tobit Radio.fx\Client\rfx-tray.exe" "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" "LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "WarReg_PopUp" - "Acer Inc." 
- C:\Acer\WR_PopUp\WarReg_PopUp.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Canon BJ Language Monitor MX870 series" - "CANON INC." - C:\Windows\system32\CNMLMA7.DLL "Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMNPPM.DLL "Canon MP FAX Language Monitor MX870 series" - "Canon Inc." - C:\Windows\system32\CNCF2Lm.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "eDSService.exe" (eDataSecurity Service) - "HiTRSUT" - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe "eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe "eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe "ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe "eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe "eSettings Service" (eSettingsService) - ? 
- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe (File found, but it contains no detailed information) "Radio.fx Server" (Radio.fx) - ? - D:\Tobit Radio.fx\Server\rfx-server.exe "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Extensa 5220
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 161):
0x8481A000 \SystemRoot\system32\ntkrnlpa.exe
0x84BD3000 \SystemRoot\system32\hal.dll
0x80408000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047F000 \SystemRoot\system32\PSHED.dll
0x80490000 \SystemRoot\system32\BOOTVID.dll
0x80498000 \SystemRoot\system32\CLFS.SYS
0x804D9000 \SystemRoot\system32\CI.dll
0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80695000 \SystemRoot\system32\drivers\acpi.sys
0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EC000 \SystemRoot\system32\drivers\pci.sys
0x80713000 \SystemRoot\System32\drivers\partmgr.sys
0x80722000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80725000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072F000 \SystemRoot\system32\drivers\volmgr.sys
0x8073E000 \SystemRoot\System32\drivers\volmgrx.sys
0x80788000 \SystemRoot\system32\drivers\intelide.sys
0x8078F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8079D000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807CA000 \SystemRoot\System32\drivers\mountmgr.sys
0x84E06000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x84ECD000 \SystemRoot\system32\drivers\atapi.sys
0x84ED5000 \SystemRoot\system32\drivers\ataport.SYS
0x84EF3000 \SystemRoot\system32\drivers\fltmgr.sys
0x84F25000 \SystemRoot\system32\drivers\fileinfo.sys
0x84F35000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x84F3E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A403000 \SystemRoot\system32\drivers\ndis.sys
0x8A50E000 \SystemRoot\system32\drivers\msrpc.sys
0x8A539000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A604000 \SystemRoot\System32\drivers\tcpip.sys
0x8A6EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A807000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A917000 \SystemRoot\system32\drivers\volsnap.sys
0x8A950000 \SystemRoot\System32\Drivers\spldr.sys
0x8A958000 \SystemRoot\system32\drivers\psdvdisk.sys
0x8A96A000 \SystemRoot\system32\drivers\PSDNServ.sys
0x8A973000 \SystemRoot\System32\Drivers\mup.sys
0x8A982000 \SystemRoot\System32\drivers\ecache.sys
0x8A9A9000 \SystemRoot\system32\drivers\disk.sys
0x8A9BA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A9DB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A7D0000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A7D9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A7E8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E205000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8EB04000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EBA5000 \SystemRoot\System32\drivers\watchdog.sys
0x8EBB1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8EBBC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A7F1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EE06000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EF19000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8EF29000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8EF37000 \SystemRoot\system32\drivers\tifm21.sys
0x8EF83000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8EF9D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8EFA1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EFB4000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8EFBE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8EFC9000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8EFF4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8A574000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EFF6000 \SystemRoot\system32\DRIVERS\nscirda.sys
0x8A57F000 \SystemRoot\system32\drivers\irenum.sys
0x8A588000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EFFE000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8EE00000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8A5A0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x84FAF000 \SystemRoot\system32\DRIVERS\storport.sys
0x8A5CF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8A5DA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8A5F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x807DA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x84FF0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x805B9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x805CD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x805E2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EBFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F20E000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F238000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F242000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F24F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F284000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F295000 \SystemRoot\system32\drivers\HdAudio.sys
0x8F2D4000 \SystemRoot\system32\drivers\portcls.sys
0x8F301000 \SystemRoot\system32\drivers\drmk.sys
0x8F326000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8F402000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F505000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F5B9000 \SystemRoot\system32\drivers\modem.sys
0x8F5C6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F5CF000 \SystemRoot\System32\Drivers\Null.SYS
0x8F5D6000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F5DD000 \SystemRoot\System32\drivers\vga.sys
0x8F363000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F5E9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F5F1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F384000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F38F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F39D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F3A6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F3BC000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F80B000 \SystemRoot\system32\drivers\afd.sys
0x8F853000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F885000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F89B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F8A9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F8BC000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F8C2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F8FE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F908000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F91F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F942000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F944000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8F985000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F994000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A709000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x992B0000 \SystemRoot\System32\win32k.sys
0x8F9A1000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F9AB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x994D0000 \SystemRoot\System32\TSDDD.dll
0x994F0000 \SystemRoot\System32\cdd.dll
0x8F9BA000 \SystemRoot\system32\drivers\luafv.sys
0x8F9D5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8F3D0000 \SystemRoot\system32\DRIVERS\irda.sys
0x8F3EE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x83602000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8362C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x83636000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x83649000 \SystemRoot\system32\drivers\spsys.sys
0x836F9000 \SystemRoot\system32\drivers\HTTP.sys
0x83766000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x83783000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8379C000 \SystemRoot\System32\drivers\mpsdrv.sys
0x837B1000 \SystemRoot\system32\drivers\mrxdav.sys
0x837D2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAB204000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB23D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAB255000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAB27D000 \SystemRoot\System32\DRIVERS\srv.sys
0xAB2E3000 \??\C:\Windows\system32\drivers\acedrv11.sys
0xAB36B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAB381000 \??\C:\Windows\system32\drivers\int15.sys
0xAB392000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAE003000 \SystemRoot\system32\drivers\peauth.sys
0xAE0E1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAE0EB000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0xAE0F2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAE0FE000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAE106000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0xAE129000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xAE132000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAE142000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAE14A000 \??\C:\Users\Kutsche\AppData\Local\Temp\kfldypow.sys
0xAE162000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0xAE1E8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x77ED0000 \Windows\System32\ntdll.dll

Processes (total 86):
0 System Idle Process
4 System
416 C:\Windows\System32\smss.exe
484 csrss.exe
528 C:\Windows\System32\wininit.exe
536 csrss.exe
576 C:\Windows\System32\winlogon.exe
616 C:\Windows\System32\services.exe
632 C:\Windows\System32\lsass.exe
640 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\audiodg.exe
1216 C:\Windows\System32\SLsvc.exe
1244 C:\Windows\System32\svchost.exe
1428 C:\Windows\System32\svchost.exe
1640 C:\Windows\System32\dwm.exe
1660 C:\Windows\explorer.exe
1732 C:\Windows\System32\taskeng.exe
1764 C:\Windows\System32\spoolsv.exe
1820 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1848 C:\Windows\System32\svchost.exe
2032 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
340 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
444 C:\Program Files\Bonjour\mDNSResponder.exe
464 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
12 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
1332 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1448 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1440 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
680 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
1604 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
700 C:\Windows\System32\igfxsrvc.exe
1040 C:\Acer\Empowering Technology\eNet\eNet Service.exe
1476 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1612 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2056 C:\Acer\Mobility Center\MobilityService.exe
2128 C:\Windows\System32\svchost.exe
2228 D:\Tobit Radio.fx\Server\rfx-server.exe
2276 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2324 C:\Windows\System32\svchost.exe
2400 C:\Windows\System32\svchost.exe
2444 C:\Windows\System32\SearchIndexer.exe
2564 C:\Windows\System32\drivers\XAudio.exe
2588 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2628 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2788 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
3108 WmiPrvSE.exe
3116 WmiPrvSE.exe
3236 unsecapp.exe
3736 C:\Windows\System32\taskeng.exe
3832 C:\Program Files\Launch Manager\LManager.exe
3868 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3888 C:\Windows\System32\igfxtray.exe
3916 C:\Windows\System32\hkcmd.exe
3964 C:\Windows\System32\igfxpers.exe
4004 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4044 C:\Program Files\iTunes\iTunesHelper.exe
300 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2540 C:\Program Files\Windows Sidebar\sidebar.exe
2520 D:\Tobit Radio.fx\Client\rfx-tray.exe
3460 C:\Program Files\OpenOffice.org1.1.1\program\soffice.exe
3272 C:\Windows\System32\igfxext.exe
3072 C:\Acer\Empowering Technology\eNet\eNMTray.exe
3404 C:\Windows\System32\igfxsrvc.exe
3640 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
2904 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
992 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
1496 C:\Program Files\Windows Sidebar\sidebar.exe
3792 C:\Program Files\iPod\bin\iPodService.exe
5560 C:\Windows\System32\taskeng.exe
5392 C:\Windows\System32\sdclt.exe
5236 C:\Windows\System32\svchost.exe
6032 C:\Program Files\Windows Defender\MSASCui.exe
2796 C:\Program Files\Mozilla Firefox\firefox.exe
5952 C:\Program Files\Mozilla Firefox\plugin-container.exe
4612 C:\Windows\System32\SearchProtocolHost.exe
4496 C:\Windows\System32\SearchFilterHost.exe
4972 dllhost.exe
4460 dllhost.exe
6080 C:\Users\***\Desktop\MBRCheck.exe
2256 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`1c100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC70P

      Size  Device Name          MBR Status
--------------------------------------------
     74 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done!

I'll wait for your next instructions then; as I said before, they are very easy to follow. Many thanks for that.
06.12.2010, 22:40 | #14
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows. Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from that CD). If you have a normal Vista installation DVD, you don't need the image mentioned above; you can simply boot from the Vista DVD. Click on Computer repair options (Computerreparaturoptionen), Next, Command Prompt, and the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter). Restart the computer, taking the CD out first.
__________________
Please always post logfiles in CODE tags
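A note added by the editor on what MBRCheck's "Unknown MBR code / SHA1: ..." line above means and on how to verify the bootrec.exe /fixmbr step afterwards. MBRCheck reads sector 0 of the disk, hashes the boot code and compares the digest against a list of known-good boot loaders; anything else is reported as unknown. bootrec /fixmbr rewrites only that boot code and leaves the partition table alone, so after the repair the digest should change to a known value while the partition offsets (C: at 0x271100000 and D: at 0xB1C100000 on PhysicalDrive0 in the log above) stay the same. The kernel driver list in that output also shows a .sys loaded from a user's AppData\Local\Temp directory, which is not where legitimate drivers are installed; the script below does not look at drivers, only at the MBR. The script is an added example, not MBRCheck's or Microsoft's code. It assumes 512-byte sectors; the "clean" boot code, the allow-list digest and both sample MBRs are constructed for the example, and the real allow-list would be built by hashing sector 0 of a known-clean installation.

```python
"""Check a 512-byte MBR the way MBRCheck reports it: SHA1 of the boot code
against an allow-list, plus the partition table, so that bootrec /fixmbr
can be verified to have replaced only the code and not the layout.

Added example, not MBRCheck's or Microsoft's code. Assumes 512-byte sectors;
the allow-list digest and the sample MBRs below are constructed.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440           # bytes 0..439 boot code, 440..443 disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries, then 0x55AA at 510
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors
BOOT_SIG = b"\x55\xaa"
UNKNOWN = "Unknown MBR code"


def has_boot_signature(mbr: bytes) -> bool:
    return len(mbr) == SECTOR and mbr[510:512] == BOOT_SIG


def boot_code_sha1(mbr: bytes) -> str:
    """Hex SHA1 of the boot code only; the partition table is deliberately excluded."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if not has_boot_signature(mbr):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + i * 16)
        if ptype == 0:  # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "byte_offset": lba * SECTOR,
                      "sectors": sectors})
    return {"boot_code_sha1": boot_code_sha1(mbr),
            "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
            "partitions": parts}


def classify(mbr: bytes, known_good: dict) -> str:
    """Label the boot code from the allow-list, or report it as unknown like MBRCheck."""
    return known_good.get(boot_code_sha1(mbr), UNKNOWN)


def build_mbr(boot_code: bytes, partitions, disk_sig: int = 0) -> bytes:
    """Assemble an MBR for testing; on a real disk use read_mbr instead."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, BOOT_CODE_LEN, disk_sig)
    for i, (bootable, ptype, lba, sectors) in enumerate(partitions[:4]):
        # CHS fields stay zero; the LBA fields are what Windows actually uses.
        struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFF + i * 16,
                         0x80 if bootable else 0, b"\0\0\0", ptype, b"\0\0\0",
                         lba, sectors)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def patch_boot_code(mbr: bytes, offset: int, patch: bytes) -> bytes:
    out = bytearray(mbr)
    out[offset:offset + len(patch)] = patch
    return bytes(out)


def read_mbr(device: str) -> bytes:
    r"""Read sector 0 of a raw device such as \\.\PhysicalDrive0 (administrator rights needed)."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def compare_before_after(before: bytes, after: bytes, known_good: dict) -> dict:
    """What to check after bootrec /fixmbr: code now known, partition table unchanged."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {"code_changed": b["boot_code_sha1"] != a["boot_code_sha1"],
            "code_known_after": classify(after, known_good) != UNKNOWN,
            "table_unchanged": b["partitions"] == a["partitions"]}


# Constructed stand-in for clean boot code (assumption, not the real Vista MBR):
# the first bytes mimic the usual xor ax,ax / mov ss,ax / mov sp,7C00h prologue.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 433
KNOWN_GOOD = {boot_code_sha1(CLEAN_BOOT_CODE): "constructed clean stub"}

# Partition layout copied from the MBRCheck output above (C: at 0x271100000,
# D: at 0xB1C100000 on PhysicalDrive0); sector counts are constructed.
LAYOUT = [(True, 0x07, 0x271100000 // SECTOR, 72712192),
          (False, 0x07, 0xB1C100000 // SECTOR, 63098880)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, LAYOUT, disk_sig=0x1234ABCD)
# Same partition table, boot code patched at the entry point (constructed, not a real sample).
TAMPERED_MBR = patch_boot_code(CLEAN_MBR, 0, b"\xEB\x3E\x90")

if __name__ == "__main__":
    for name, mbr in (("tampered", TAMPERED_MBR), ("clean", CLEAN_MBR)):
        info = parse_mbr(mbr)
        print(f"{name}: SHA1 {info['boot_code_sha1']} -> {classify(mbr, KNOWN_GOOD)}")
        for p in info["partitions"]:
            print(f"  entry {p['index']}: type 0x{p['type']:02X} at offset "
                  f"0x{p['byte_offset']:X}, {p['sectors'] * SECTOR / 2**30:.2f} GiB")
    print(compare_before_after(TAMPERED_MBR, CLEAN_MBR, KNOWN_GOOD))
```

On a live system you would save `read_mbr(r"\\.\PhysicalDrive0")` to a file before the repair, run bootrec /fixmbr from the recovery console, then read the sector again and feed both into `compare_before_after`; a result with the partition table unchanged and a boot-code digest that now matches a known-clean hash is the outcome to expect. If the digest is still unknown afterwards, or returns to the old value after a reboot, the MBR is being rewritten again and the machine needs more than a boot-code repair.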
06.12.2010, 22:57 | #15
Hello cosinus, I only have Windows Vista as the operating system. I'll burn the CD tomorrow (Vista was already installed here and I didn't get a CD with it). What exactly does booting from CD mean? After burning, leave the CD in the drive and restart? Or do I have to enter something else as well? Regards, Delphina