
Pests of all kinds and how to fight them: TR/Crypt.ZPACK.Gen - what to do?


15.04.2011, 10:51   #1
tim82
 

TR/Crypt.ZPACK.Gen - what to do?



Hello,

I'm new here and hope you can help me. Yesterday the trojan TR/Crypt.ZPACK.Gen settled in on my machine. I immediately got several messages from Antivir saying that various files were infected and had been moved to the quarantine directory. I ran a scan right away, and Antivir no longer found that trojan, but it did find the Java virus JAVA/Exdoer.BG.6 instead (at the place where I caught the trojan I also got a message that said something about Java). I moved the virus to quarantine and restarted the system. I ran Spybot: no findings; Antivir and Malwarebytes the same, no findings.
Now, I also use the notebook for online banking etc., which is why I'm not sure what to do next.
I have attached the log files from OTL and Malwarebytes.
Do I have to reinstall the system? That would pose a small problem, though. The notebook is new and I hadn't made a recovery CD yet. And I believe it doesn't work without the CD. I have now caught up on the CD (actually it was 3 DVDs; the recovery folder is on another partition). Can they still be used?

regards
Tim


First, the Antivir findings:
Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\65mnmdz6.exe'
C:\Users\AA\AppData\Local\Temp\65mnmdz6.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a5cf3c5.qua' verschoben!
Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\jar_cache7716420238782651705.tmp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\Local\Temp\jar_cache7716420238782651705.tmp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-4bb5d5b1-temp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-4bb5d5b1-temp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-4bb5d5b1'
C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-4bb5d5b1
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52d7ddb0.qua' verschoben!
Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\ueimigjc.exe'
C:\Users\AA\AppData\Local\Temp\ueimigjc.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0090875a.qua' verschoben!
Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\jar_cache5911348552403466951.tmp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\Local\Temp\jar_cache5911348552403466951.tmp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-6695a747-temp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-6695a747-temp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-6695a747'
C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-6695a747
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '66bfc89a.qua' verschoben!
Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\h2xjx56q.exe'
C:\Users\AA\AppData\Local\Temp\h2xjx56q.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '232ce473.qua' verschoben!
Beginne mit der Suche in 'C:\Users\AA\AppData\Local\Temp\jar_cache8855021323985939821.tmp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\Local\Temp\jar_cache8855021323985939821.tmp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-204bbafd-temp'
Der zu durchsuchende Pfad C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-204bbafd-temp konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-204bbafd'
C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4cac3381-204bbafd
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5c20d7c5.qua' verschoben!

After the Antivir scan:

C:\Users\AA\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\7560f91-15b864db
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Exdoer.BG.6
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48eed1f7.qua' verschoben!


Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6366

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.04.2011 06:28:51
mbam-log-2011-04-15 (06-28-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 414666
Laufzeit: 56 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


OTL logfile:
OTL logfile created on: 15.04.2011 10:57:26 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,73 Gb Total Space | 190,20 Gb Free Space | 81,73% Space Free | Partition Type: NTFS
Drive D: | 232,64 Gb Total Space | 217,58 Gb Free Space | 93,53% Space Free | Partition Type: NTFS
 
Computer Name: AA-TOSH | User Name: AA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TOSHIBA\PCDiag\PCDiag.exe ()
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (CnxtHdmiAudService) -- C:\Windows\SysNative\drivers\CHDMI64.sys (Conexant Systems Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LUMDriver) -- C:\Windows\SysNative\drivers\LUMDriver.sys (IBM)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\Firefox [2010.11.16 19:42:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.11.16 19:42:16 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\Shell - "" = AutoRun
O33 - MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\Shell\AutoRun\command - "" = G:\INTEL\startspk.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.15 05:31:50 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Malwarebytes
[2011.04.15 05:31:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.15 05:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.15 05:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.15 05:31:36 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.15 05:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.15 02:32:30 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.15 02:32:30 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.15 02:32:28 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.15 02:32:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.15 02:32:28 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.15 02:32:24 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.15 02:32:24 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.15 02:32:23 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.15 02:32:23 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.15 02:32:19 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.15 02:32:19 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.15 02:32:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.15 02:32:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.15 02:32:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.15 02:32:03 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.15 02:32:03 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.15 02:32:03 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.15 02:32:03 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.15 02:32:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.15 02:32:03 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.15 02:32:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.15 02:32:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.15 02:32:02 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.15 02:32:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.15 02:32:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.15 02:32:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.15 02:32:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.15 02:31:40 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.15 02:31:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.15 02:31:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.15 02:31:36 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.15 02:31:36 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.15 02:31:36 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.15 02:31:36 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.15 02:31:35 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.15 02:31:35 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.15 02:31:35 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.15 02:31:34 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.04.11 19:13:22 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Avira
[2011.04.11 17:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.04.11 17:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.11 17:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.04.09 12:14:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.04.08 17:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA Tempro
[2011.04.08 17:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011.04.08 10:21:28 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\InstallShield
[2011.04.08 10:21:25 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\WinBatch
[2011.04.03 13:59:34 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Axialis
[2011.04.03 13:59:28 | 057,696,588 | ---- | C] (Axialis Software) -- C:\Windows\MAHLE_ScreenSaver.scr
[2011.04.01 22:46:13 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Adobe
[2011.03.31 22:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.03.31 22:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.03.31 22:40:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.03.31 22:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011.03.31 22:38:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011.03.31 22:38:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.03.31 22:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011.03.31 22:37:36 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Microsoft Help
[2011.03.31 22:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.03.31 22:37:16 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.03.31 22:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA
[2011.03.31 21:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2011.03.31 21:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dassault Systemes
[2011.03.31 21:56:58 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\DassaultSystemes
[2011.03.31 21:56:58 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\DassaultSystemes
[2011.03.31 21:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2011.03.31 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\DAEMON Tools Lite
[2011.03.31 21:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.03.31 21:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.03.31 21:29:56 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.03.31 21:29:56 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.03.31 21:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.03.31 21:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.03.31 19:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.03.31 08:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.03.31 07:59:47 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011.03.31 07:59:47 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011.03.31 07:59:47 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011.03.31 07:59:47 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011.03.31 07:59:47 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011.03.31 07:59:47 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011.03.31 07:59:47 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011.03.31 07:59:47 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011.03.31 07:59:41 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2011.03.30 14:42:33 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.30 14:42:33 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.30 14:42:32 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.30 14:42:32 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.30 14:42:32 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.30 14:42:32 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.30 14:42:32 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.30 14:42:32 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.30 14:42:30 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011.03.30 14:42:30 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011.03.30 14:42:30 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011.03.30 14:42:30 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011.03.30 14:42:30 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2011.03.30 14:42:30 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011.03.30 14:42:30 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2011.03.30 14:42:30 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2011.03.30 14:42:24 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2011.03.30 14:42:24 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011.03.30 14:42:24 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011.03.30 14:42:16 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.03.30 14:42:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.03.30 14:42:16 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.03.30 14:42:16 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.03.30 14:42:15 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.03.30 14:42:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.03.30 14:42:15 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.03.30 14:42:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.03.30 14:42:07 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.03.30 14:42:07 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.03.30 14:42:06 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.03.30 14:42:03 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.03.30 14:42:03 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.30 14:42:03 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.03.30 14:42:03 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.30 14:42:03 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.30 14:42:02 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.30 14:42:01 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.03.30 14:42:01 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.03.30 14:42:01 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.03.30 14:42:01 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.03.30 14:42:01 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.03.30 14:42:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.03.30 14:42:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.03.30 14:42:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.03.30 14:42:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.03.30 14:42:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.03.30 14:41:56 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011.03.30 14:41:56 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011.03.30 14:41:31 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.03.30 14:41:31 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.03.30 14:41:31 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.03.30 14:41:30 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.03.30 14:41:24 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011.03.30 14:41:21 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.03.30 14:41:21 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.03.30 14:41:19 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011.03.30 14:41:18 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.30 14:41:18 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.30 14:41:18 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.30 14:41:18 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.29 17:29:27 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\TOSHIBA_Corporation
[2011.03.29 17:25:43 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Toshiba
[2011.03.29 17:24:48 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Adobe
[2011.03.29 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Nero
[2011.03.29 17:24:24 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\ATI
[2011.03.29 17:24:24 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\ATI
[2011.03.29 17:24:06 | 000,000,000 | R--D | C] -- C:\Users\AA\Searches
[2011.03.29 17:24:06 | 000,000,000 | R--D | C] -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.03.29 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Identities
[2011.03.29 17:23:55 | 000,000,000 | R--D | C] -- C:\Users\AA\Contacts
[2011.03.29 17:22:24 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\VirtualStore
[2011.03.29 17:20:50 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Toshiba
[2011.03.29 17:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Vorlagen
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\AppData\Local\Verlauf
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\AppData\Local\Temporary Internet Files
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Startmenü
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\SendTo
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Recent
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Netzwerkumgebung
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Lokale Einstellungen
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Documents\Eigene Videos
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Documents\Eigene Musik
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Eigene Dateien
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Documents\Eigene Bilder
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Druckumgebung
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Cookies
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\AppData\Local\Anwendungsdaten
[2011.03.29 17:15:10 | 000,000,000 | -HSD | C] -- C:\Users\AA\Anwendungsdaten
[2011.03.29 17:15:09 | 000,000,000 | --SD | C] -- C:\Users\AA\AppData\Roaming\Microsoft
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Videos
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Saved Games
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Pictures
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Music
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Links
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Favorites
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Downloads
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Documents
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\Desktop
[2011.03.29 17:15:09 | 000,000,000 | R--D | C] -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.03.29 17:15:09 | 000,000,000 | -H-D | C] -- C:\Users\AA\AppData
[2011.03.29 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Temp
[2011.03.29 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Local\Microsoft
[2011.03.29 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Media Center Programs
[2011.03.29 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Macromedia
[2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.03.29 17:14:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.15 09:59:53 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 09:59:53 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 09:54:55 | 000,002,046 | ---- | M] () -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2011.04.15 09:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.15 09:51:57 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.15 05:31:42 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.15 03:21:05 | 000,425,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.10 19:14:20 | 001,486,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.10 19:14:20 | 000,648,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.10 19:14:20 | 000,611,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.10 19:14:20 | 000,128,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.10 19:14:20 | 000,105,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.10 19:10:46 | 000,425,252 | ---- | M] () -- C:\Users\AA\Documents\test2.CATPart
[2011.04.10 12:40:54 | 000,076,037 | ---- | M] () -- C:\Users\AA\Documents\test1.CATPart
[2011.04.09 12:14:25 | 387,259,715 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.04 21:57:12 | 000,000,825 | ---- | M] () -- C:\Users\AA\Desktop\Studium - Verknüpfung.lnk
[2011.04.03 13:55:20 | 057,696,588 | ---- | M] (Axialis Software) -- C:\Windows\MAHLE_ScreenSaver.scr
[2011.03.31 22:09:54 | 000,002,488 | ---- | M] () -- C:\Users\Public\Desktop\CATIA V5R19.lnk
[2011.03.31 21:52:25 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.03.31 21:47:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.03.31 21:30:02 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.03.31 15:39:01 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2011.03.29 17:12:52 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.03.29 17:12:52 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.03.29 17:11:21 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\TOSHIBA_Satellite L650_13467-GR_PSK1JE-0EW00.MRK
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.15 05:31:42 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.10 19:10:45 | 000,425,252 | ---- | C] () -- C:\Users\AA\Documents\test2.CATPart
[2011.04.10 12:40:54 | 000,076,037 | ---- | C] () -- C:\Users\AA\Documents\test1.CATPart
[2011.04.09 12:14:25 | 387,259,715 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.04 21:57:35 | 000,000,825 | ---- | C] () -- C:\Users\AA\Desktop\Studium - Verknüpfung.lnk
[2011.03.31 22:09:54 | 000,002,488 | ---- | C] () -- C:\Users\Public\Desktop\CATIA V5R19.lnk
[2011.03.31 21:52:25 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.03.31 21:47:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.03.31 21:30:02 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.03.31 15:39:01 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2011.03.29 17:24:07 | 000,001,450 | ---- | C] () -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.03.29 17:15:09 | 000,002,046 | ---- | C] () -- C:\Users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2011.03.29 17:11:21 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\TOSHIBA_Satellite L650_13467-GR_PSK1JE-0EW00.MRK
[2011.01.23 23:56:31 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010.11.17 10:00:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.16 18:01:20 | 000,002,012 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
< End of report >
         
--- --- ---
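As an added example (not part of the thread and not OldTimer's code), a small Python parser for the bracketed OTL entry format used in the log above, with a few defender-side triage rules applied to the parsed entries. The sample lines are constructed for the demo (some mirror entries from the log, the file name sample_dropper.exe is invented), and the triage rules and the day window are assumptions.

```python
"""Triage helper for OTL "Files Created" / "Files Modified" log lines.

Added example, not part of the thread and not OldTimer's code. It parses the
bracketed OTL entry format shown above and flags entries a responder would
look at first. The triage rules, the day window and the sample file name
sample_dropper.exe are assumptions made for this demo.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# [YYYY.MM.DD HH:MM:SS | size | attrs | C or M] (Company) -- path
# The "(Company)" group is absent for directories and "()" when OTL has no name.
ENTRY_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\]"
    r"(?: \(([^)]*)\))? -- (.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

# Constructed sample: some lines mirror entries in the thread, the last entry is invented.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011.04.15 02:31:35 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.03 13:59:28 | 057,696,588 | ---- | C] (Axialis Software) -- C:\Windows\MAHLE_ScreenSaver.scr
[2011.04.11 19:13:22 | 000,000,000 | ---D | C] -- C:\Users\AA\AppData\Roaming\Avira
[2011.04.15 09:51:57 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.31 21:52:25 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.04.14 18:02:11 | 000,118,784 | ---- | C] () -- C:\Users\AA\AppData\Local\Temp\sample_dropper.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""


@dataclass
class OtlEntry:
    when: datetime
    size: int
    attrs: str                # four flag positions: R, H, S, D
    kind: str                 # "C" = created, "M" = modified
    company: Optional[str]    # None for directories, "" when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry; headers, blanks and summary lines such as
    '[1 C:\\Windows\\*.tmp files -> ...]' yield None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    when, size, attrs, kind, company, path = m.groups()
    return OtlEntry(
        when=datetime.strptime(when, "%Y.%m.%d %H:%M:%S"),
        size=int(size.replace(",", "")),   # "3113,361,408" -> 3113361408
        attrs=attrs,
        kind=kind,
        company=company,
        path=path,
    )


def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[OtlEntry], days: int = 30) -> List[Tuple[OtlEntry, str]]:
    """Return (entry, reason) pairs for recent executables in places where
    legitimate installers rarely put them. The window is measured back
    from the newest timestamp in the log, i.e. roughly the scan time."""
    newest = max(e.when for e in entries)
    cutoff = newest - timedelta(days=days)
    hits: List[Tuple[OtlEntry, str]] = []
    for e in entries:
        if e.is_dir or e.when < cutoff:
            continue
        lower = e.path.lower()
        if not lower.endswith(EXEC_EXT):
            continue
        parent = lower.rsplit("\\", 1)[0]
        if e.company == "" and any(p in lower for p in USER_WRITABLE):
            hits.append((e, "executable without company name in user-writable location"))
        elif parent == "c:\\windows":
            hits.append((e, "executable placed directly in the Windows directory"))
        elif lower.endswith(".sys") and "\\drivers\\" in lower and e.company == "":
            hits.append((e, "kernel driver without company name"))
    return hits


if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.when:%Y-%m-%d} {entry.size:>12,d}  {entry.path}\n    -> {reason}")
```

A hit only means "look at this first"; a driver such as sptd.sys is flagged for review, not declared malicious.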

Alt 15.04.2011, 11:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Are there any other Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logs tab.

Alt 15.04.2011, 12:10   #3
tim82
 
No, only this one log file is saved there.

Alt 15.04.2011, 13:48   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied as well!!!)


Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\Shell - "" = AutoRun
O33 - MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\Shell\AutoRun\command - "" = G:\INTEL\startspk.exe
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________
Please always post log files in CODE tags

Alt 15.04.2011, 14:42   #5
tim82
 
Done:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81804919-5bd0-11e0-b602-00266ca7d88c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81804919-5bd0-11e0-b602-00266ca7d88c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81804919-5bd0-11e0-b602-00266ca7d88c}\ not found.
File G:\INTEL\startspk.exe not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\npwinext.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: AA
->Temp folder emptied: 34436843 bytes
->Temporary Internet Files folder emptied: 145139337 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 62904 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4235191 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 175,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04152011_153530

Files\Folders moved on Reboot...
C:\Users\AA\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Alt 15.04.2011, 15:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Vista and 7 users must run the tool via right-click as administrator!

Alt 15.04.2011, 16:35   #7
tim82
 
Done:

2011/04/15 17:30:50.0256 5596 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/15 17:30:50.0271 5596 ================================================================================
2011/04/15 17:30:50.0271 5596 SystemInfo:
2011/04/15 17:30:50.0271 5596
2011/04/15 17:30:50.0271 5596 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/15 17:30:50.0271 5596 Product type: Workstation
2011/04/15 17:30:50.0271 5596 ComputerName: AA-TOSH
2011/04/15 17:30:50.0271 5596 UserName: AA
2011/04/15 17:30:50.0271 5596 Windows directory: C:\Windows
2011/04/15 17:30:50.0271 5596 System windows directory: C:\Windows
2011/04/15 17:30:50.0271 5596 Running under WOW64
2011/04/15 17:30:50.0271 5596 Processor architecture: Intel x64
2011/04/15 17:30:50.0271 5596 Number of processors: 4
2011/04/15 17:30:50.0271 5596 Page size: 0x1000
2011/04/15 17:30:50.0271 5596 Boot type: Normal boot
2011/04/15 17:30:50.0271 5596 ================================================================================
2011/04/15 17:30:50.0661 5596 Initialize success
2011/04/15 17:30:54.0780 5008 ================================================================================
2011/04/15 17:30:54.0780 5008 Scan started
2011/04/15 17:30:54.0780 5008 Mode: Manual;
2011/04/15 17:30:54.0780 5008 ================================================================================
2011/04/15 17:30:56.0106 5008 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/15 17:30:56.0230 5008 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/15 17:30:56.0340 5008 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/15 17:30:56.0480 5008 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/15 17:30:56.0589 5008 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/15 17:30:56.0714 5008 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/15 17:30:56.0854 5008 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/15 17:30:56.0964 5008 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/15 17:30:57.0088 5008 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/15 17:30:57.0182 5008 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/15 17:30:57.0260 5008 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/15 17:30:57.0541 5008 amdkmdag (f05b22ce901fc26ae55a1a27aa674d96) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/15 17:30:57.0775 5008 amdkmdap (ed25d58581b5a28593c277f482fccd62) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/04/15 17:30:57.0822 5008 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/15 17:30:57.0931 5008 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/15 17:30:58.0040 5008 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/15 17:30:58.0102 5008 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/15 17:30:58.0243 5008 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/15 17:30:58.0368 5008 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/15 17:30:58.0446 5008 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/15 17:30:58.0477 5008 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/15 17:30:58.0555 5008 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/15 17:30:58.0695 5008 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
2011/04/15 17:30:58.0898 5008 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/15 17:30:58.0945 5008 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/15 17:30:59.0101 5008 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/15 17:30:59.0163 5008 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/15 17:30:59.0304 5008 BCM43XX (5b5c36b2ec500462a715db6bcbaf5da7) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/04/15 17:30:59.0382 5008 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/15 17:30:59.0428 5008 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/15 17:30:59.0475 5008 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/15 17:30:59.0522 5008 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/15 17:30:59.0553 5008 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/15 17:30:59.0616 5008 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/15 17:30:59.0647 5008 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/15 17:30:59.0678 5008 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/15 17:30:59.0694 5008 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/15 17:30:59.0740 5008 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/15 17:30:59.0803 5008 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/15 17:30:59.0928 5008 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/15 17:31:00.0006 5008 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/15 17:31:00.0068 5008 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/15 17:31:00.0193 5008 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/15 17:31:00.0224 5008 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/15 17:31:00.0271 5008 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/04/15 17:31:00.0349 5008 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\Windows\system32\drivers\CHDRT64.sys
2011/04/15 17:31:00.0442 5008 CnxtHdmiAudService (89c99ab4ae9535f727791592d84d4821) C:\Windows\system32\drivers\CHDMI64.sys
2011/04/15 17:31:00.0536 5008 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/15 17:31:00.0583 5008 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/15 17:31:00.0630 5008 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/15 17:31:00.0708 5008 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/04/15 17:31:00.0801 5008 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/15 17:31:00.0848 5008 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/15 17:31:00.0910 5008 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/15 17:31:00.0973 5008 DXGKrnl (601e731bf8e3f22906ce7d4d724b0439) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/15 17:31:01.0113 5008 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/15 17:31:01.0332 5008 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/15 17:31:01.0394 5008 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/15 17:31:01.0472 5008 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/15 17:31:01.0534 5008 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/15 17:31:01.0628 5008 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/15 17:31:01.0690 5008 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/15 17:31:01.0753 5008 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/15 17:31:01.0800 5008 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/15 17:31:01.0862 5008 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/04/15 17:31:01.0940 5008 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/15 17:31:01.0987 5008 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/15 17:31:02.0065 5008 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/15 17:31:02.0127 5008 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/04/15 17:31:02.0174 5008 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/15 17:31:02.0236 5008 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/15 17:31:02.0283 5008 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/04/15 17:31:02.0361 5008 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/15 17:31:02.0392 5008 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/04/15 17:31:02.0424 5008 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/15 17:31:02.0455 5008 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/15 17:31:02.0502 5008 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/15 17:31:02.0548 5008 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/15 17:31:02.0611 5008 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/15 17:31:02.0673 5008 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/04/15 17:31:02.0736 5008 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/15 17:31:02.0751 5008 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/15 17:31:02.0829 5008 iaStor (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/15 17:31:02.0892 5008 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/15 17:31:02.0938 5008 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/15 17:31:02.0970 5008 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/15 17:31:03.0032 5008 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/15 17:31:03.0079 5008 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/15 17:31:03.0126 5008 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/15 17:31:03.0157 5008 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/15 17:31:03.0204 5008 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/15 17:31:03.0235 5008 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/15 17:31:03.0297 5008 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/15 17:31:03.0328 5008 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/15 17:31:03.0375 5008 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/15 17:31:03.0422 5008 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/15 17:31:03.0438 5008 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/15 17:31:03.0484 5008 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/15 17:31:03.0594 5008 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/04/15 17:31:03.0687 5008 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/15 17:31:03.0796 5008 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/15 17:31:03.0859 5008 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/15 17:31:03.0874 5008 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/15 17:31:03.0921 5008 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/15 17:31:03.0952 5008 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/15 17:31:03.0999 5008 LUMDriver (701223c663019b62029fab1a2385ee81) C:\Windows\system32\drivers\LUMDriver.sys
2011/04/15 17:31:04.0046 5008 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/15 17:31:04.0077 5008 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/15 17:31:04.0124 5008 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/15 17:31:04.0171 5008 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/15 17:31:04.0264 5008 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/15 17:31:04.0327 5008 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/15 17:31:04.0389 5008 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/04/15 17:31:04.0436 5008 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/15 17:31:04.0467 5008 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/15 17:31:04.0530 5008 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/15 17:31:04.0623 5008 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/15 17:31:04.0686 5008 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/15 17:31:04.0748 5008 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/15 17:31:04.0810 5008 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/15 17:31:04.0873 5008 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/15 17:31:04.0935 5008 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/15 17:31:04.0982 5008 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/15 17:31:05.0044 5008 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/15 17:31:05.0122 5008 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/15 17:31:05.0169 5008 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/15 17:31:05.0216 5008 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/15 17:31:05.0278 5008 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/04/15 17:31:05.0341 5008 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/15 17:31:05.0388 5008 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/15 17:31:05.0434 5008 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/15 17:31:05.0481 5008 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/15 17:31:05.0590 5008 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/15 17:31:05.0684 5008 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/04/15 17:31:05.0809 5008 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/15 17:31:05.0856 5008 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/15 17:31:05.0934 5008 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/15 17:31:05.0965 5008 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/15 17:31:06.0012 5008 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/04/15 17:31:06.0058 5008 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/15 17:31:06.0090 5008 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/15 17:31:06.0230 5008 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/15 17:31:06.0277 5008 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/15 17:31:06.0339 5008 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/15 17:31:06.0417 5008 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/04/15 17:31:06.0511 5008 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/15 17:31:06.0573 5008 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/15 17:31:06.0636 5008 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/15 17:31:06.0682 5008 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/15 17:31:06.0729 5008 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/15 17:31:06.0838 5008 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/15 17:31:06.0901 5008 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/04/15 17:31:06.0948 5008 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/04/15 17:31:06.0994 5008 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/15 17:31:07.0057 5008 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/15 17:31:07.0104 5008 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/15 17:31:07.0166 5008 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/15 17:31:07.0291 5008 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
2011/04/15 17:31:07.0447 5008 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/15 17:31:07.0478 5008 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/15 17:31:07.0540 5008 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/15 17:31:07.0618 5008 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/15 17:31:07.0696 5008 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/15 17:31:07.0728 5008 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/15 17:31:07.0759 5008 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/15 17:31:07.0852 5008 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/15 17:31:07.0899 5008 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/15 17:31:07.0930 5008 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/15 17:31:07.0977 5008 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/15 17:31:08.0024 5008 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/15 17:31:08.0055 5008 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/15 17:31:08.0102 5008 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/15 17:31:08.0149 5008 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/15 17:31:08.0227 5008 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/15 17:31:08.0274 5008 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/04/15 17:31:08.0336 5008 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
2011/04/15 17:31:08.0461 5008 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/15 17:31:08.0523 5008 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
2011/04/15 17:31:08.0570 5008 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/15 17:31:08.0710 5008 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/15 17:31:08.0835 5008 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/15 17:31:08.0929 5008 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/15 17:31:08.0976 5008 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/15 17:31:09.0022 5008 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/15 17:31:09.0100 5008 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/15 17:31:09.0163 5008 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/15 17:31:09.0210 5008 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/15 17:31:09.0256 5008 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/15 17:31:09.0334 5008 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/15 17:31:09.0397 5008 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/15 17:31:09.0475 5008 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/15 17:31:09.0553 5008 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/15 17:31:09.0646 5008 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/04/15 17:31:09.0646 5008 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/04/15 17:31:09.0646 5008 sptd - detected Locked file (1)
2011/04/15 17:31:09.0709 5008 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/04/15 17:31:09.0771 5008 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/15 17:31:09.0818 5008 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/15 17:31:09.0880 5008 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/15 17:31:09.0943 5008 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/15 17:31:10.0068 5008 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/15 17:31:10.0192 5008 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/04/15 17:31:10.0348 5008 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/15 17:31:10.0426 5008 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/15 17:31:10.0504 5008 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/04/15 17:31:10.0551 5008 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/15 17:31:10.0582 5008 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/15 17:31:10.0676 5008 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/15 17:31:10.0738 5008 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/15 17:31:11.0035 5008 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\Windows\system32\DRIVERS\tosrfec.sys
2011/04/15 17:31:11.0160 5008 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/15 17:31:11.0238 5008 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/15 17:31:11.0300 5008 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/04/15 17:31:11.0347 5008 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
2011/04/15 17:31:11.0378 5008 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/15 17:31:11.0425 5008 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/15 17:31:11.0487 5008 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/15 17:31:11.0550 5008 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/15 17:31:11.0596 5008 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/15 17:31:11.0659 5008 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/15 17:31:11.0706 5008 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/15 17:31:11.0737 5008 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/15 17:31:11.0799 5008 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/15 17:31:11.0846 5008 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/15 17:31:11.0877 5008 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/15 17:31:11.0908 5008 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/15 17:31:11.0940 5008 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/15 17:31:12.0018 5008 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/15 17:31:12.0158 5008 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/15 17:31:12.0205 5008 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/15 17:31:12.0252 5008 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/15 17:31:12.0298 5008 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/15 17:31:12.0345 5008 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/15 17:31:12.0408 5008 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/15 17:31:12.0454 5008 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/04/15 17:31:12.0517 5008 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/15 17:31:12.0595 5008 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/15 17:31:12.0642 5008 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/15 17:31:12.0720 5008 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/15 17:31:12.0829 5008 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/15 17:31:12.0891 5008 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/15 17:31:12.0922 5008 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/15 17:31:13.0032 5008 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/15 17:31:13.0094 5008 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/15 17:31:13.0281 5008 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/15 17:31:13.0328 5008 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/15 17:31:13.0484 5008 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/15 17:31:13.0593 5008 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/15 17:31:13.0702 5008 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/04/15 17:31:13.0765 5008 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/15 17:31:13.0858 5008 ================================================================================
2011/04/15 17:31:13.0858 5008 Scan finished
2011/04/15 17:31:13.0858 5008 ================================================================================
2011/04/15 17:31:13.0874 5204 Detected object count: 1
2011/04/15 17:31:53.0295 5204 Locked file(sptd) - User select action: Skip

Alt 15.04.2011, 18:11   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

SPTD is ok. Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe when downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a forum expert has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post logfiles in CODE tags

Alt 15.04.2011, 20:23   #9
tim82
 

So, that is done as well:

ComboFix logfile:
Code:
ComboFix 11-04-14.03 - AA 15.04.2011  21:03:43.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3959.2625 [GMT 2:00]
ausgeführt von:: c:\users\AA\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-15 bis 2011-04-15  ))))))))))))))))))))))))))))))
.
.
2011-04-15 19:08 . 2011-04-15 19:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-15 15:55 . 2011-04-15 15:55	--------	d-----w-	C:\TDSSKiller_Quarantine
2011-04-15 12:15 . 2011-03-23 08:11	8424784	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B92A1D0-3B55-4D02-B25E-D2AEA4E05980}\mpengine.dll
2011-04-15 11:58 . 2011-04-15 11:58	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-04-15 11:57 . 2011-04-15 11:57	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-04-15 11:57 . 2011-04-15 11:57	--------	d-----w-	c:\program files (x86)\Java
2011-04-15 11:08 . 2011-02-19 06:37	1135104	----a-w-	c:\windows\system32\FntCache.dll
2011-04-15 11:08 . 2011-02-19 05:32	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-04-15 11:08 . 2011-02-19 06:37	1540608	----a-w-	c:\windows\system32\DWrite.dll
2011-04-15 11:08 . 2011-02-19 06:36	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-04-15 11:08 . 2011-02-19 05:32	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-04-15 03:31 . 2010-12-20 16:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-15 03:31 . 2011-04-15 03:31	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-15 03:31 . 2011-04-15 03:31	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-15 03:31 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-15 00:31 . 2011-03-03 06:17	182272	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-11 15:52 . 2011-04-11 15:57	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-04-11 15:52 . 2011-04-11 15:53	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2011-04-08 15:12 . 2011-04-08 15:12	--------	d-----w-	c:\programdata\TOSHIBA Tempro
2011-04-08 15:12 . 2011-04-08 15:12	--------	d-----w-	c:\programdata\IsolatedStorage
2011-04-03 11:59 . 2011-04-03 11:55	57696588	----a-w-	c:\windows\MAHLE_ScreenSaver.scr
2011-04-01 11:21 . 2011-02-02 16:11	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-03-31 20:40 . 2011-03-31 20:40	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2011-03-31 20:39 . 2011-03-31 20:39	--------	d-----w-	c:\program files (x86)\Microsoft Sync Framework
2011-03-31 20:38 . 2011-03-31 20:38	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2011-03-31 20:38 . 2011-03-31 20:38	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2011-03-31 20:37 . 2011-03-31 20:42	--------	d-----w-	c:\programdata\Microsoft Help
2011-03-31 20:37 . 2011-03-31 20:37	--------	d-----r-	C:\MSOCache
2011-03-31 19:57 . 2011-03-31 19:57	--------	d-----w-	c:\program files (x86)\Dassault Systemes
2011-03-31 19:56 . 2011-03-31 19:57	--------	d-----w-	c:\programdata\DassaultSystemes
2011-03-31 19:52 . 2011-03-31 19:52	834544	----a-w-	c:\windows\system32\drivers\sptd.sys
2011-03-31 19:51 . 2011-03-31 19:51	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2011-03-31 19:29 . 2011-03-04 12:36	83120	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-03-31 19:29 . 2011-03-04 12:36	116568	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-31 19:29 . 2011-03-31 19:29	--------	d-----w-	c:\programdata\Avira
2011-03-31 19:29 . 2011-03-31 19:29	--------	d-----w-	c:\program files (x86)\Avira
2011-03-31 17:05 . 2011-03-31 20:39	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2011-03-31 06:02 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2011-03-31 06:02 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2011-03-31 06:00 . 2011-03-31 06:00	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2011-03-31 05:59 . 2009-11-25 10:47	99176	----a-w-	c:\windows\SysWow64\PresentationHostProxy.dll
2011-03-31 05:59 . 2009-11-25 10:47	49472	----a-w-	c:\windows\SysWow64\netfxperf.dll
2011-03-31 05:59 . 2009-11-25 10:47	48960	----a-w-	c:\windows\system32\netfxperf.dll
2011-03-31 05:59 . 2009-11-25 10:47	297808	----a-w-	c:\windows\SysWow64\mscoree.dll
2011-03-31 05:59 . 2009-11-25 10:47	295264	----a-w-	c:\windows\SysWow64\PresentationHost.exe
2011-03-31 05:59 . 2009-11-25 10:47	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2011-03-31 05:59 . 2009-11-25 10:47	109912	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2011-03-31 05:59 . 2009-11-25 10:47	444752	----a-w-	c:\windows\system32\mscoree.dll
2011-03-31 05:59 . 2009-11-25 10:47	320352	----a-w-	c:\windows\system32\PresentationHost.exe
2011-03-31 05:59 . 2009-11-25 10:47	1942856	----a-w-	c:\windows\system32\dfshim.dll
2011-03-31 05:59 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2011-03-30 12:56 . 2011-03-30 12:56	181608	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
2011-03-30 12:41 . 2010-10-16 05:19	395776	----a-w-	c:\windows\system32\webio.dll
2011-03-29 15:15 . 2011-03-29 15:15	--------	d-----w-	c:\programdata\ToshibaEurope
2011-03-29 15:15 . 2011-03-29 15:24	--------	d-----w-	c:\users\AA
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-31 05:54 . 2010-06-24 10:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-23 21:46 . 2011-01-23 21:46	95472	----a-w-	c:\windows\system32\bcmwlcoi.dll
2011-01-23 21:46 . 2011-01-23 21:46	6656	----a-w-	c:\windows\system32\bcmwlrc.dll
2011-01-23 21:46 . 2011-01-23 21:46	3891200	----a-w-	c:\windows\system32\bcmihvsrv64.dll
2011-01-23 21:46 . 2011-01-23 21:46	3555840	----a-w-	c:\windows\system32\bcmihvui64.dll
2011-01-23 21:46 . 2011-01-23 21:46	3058168	----a-w-	c:\windows\system32\drivers\BCMWL664.SYS
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe" [2010-03-04 243032]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-02 1234216]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\AA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-05-11 1050072]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-15  21:11:24
ComboFix-quarantined-files.txt  2011-04-15 19:11
.
Vor Suchlauf: 9 Verzeichnis(se), 205.158.961.152 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 204.447.891.456 Bytes frei
.
- - End Of File - - 476713070AE1B9D1C0EAFEEF958C3FA5

15.04.2011, 20:59   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please create logs with GMER and mbrcheck and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post me the contents of the .txt document
__________________
Please always post logfiles in CODE tags

15.04.2011, 22:18   #11
tim82

GMER logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-15 23:16:48
Windows 6.1.7600  
Running: zikchyjt.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                    771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                    285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                    1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                   0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                   0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0x40 0xF5 0xE5 0x24 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                       0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                       0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0x40 0xF5 0xE5 0x24 ...

---- EOF - GMER 1.0.15 ----

16.04.2011, 11:33   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And the one from MBRcheck?
__________________
Please always post logfiles in CODE tags

16.04.2011, 12:23   #13
tim82

Oops... I completely forgot...

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L650
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 195):

Processes (total 83):
0 System Idle Process
4 System
336 C:\Windows\System32\smss.exe
452 csrss.exe
528 C:\Windows\System32\wininit.exe
552 csrss.exe
584 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\svchost.exe
836 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\atiesrxx.exe
932 C:\Windows\System32\winlogon.exe
972 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\atieclxx.exe
1188 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\wlanext.exe
1344 C:\Windows\System32\conhost.exe
1448 C:\Windows\System32\spoolsv.exe
1476 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1556 C:\Windows\System32\taskhost.exe
1640 C:\Windows\System32\dwm.exe
1672 C:\Windows\explorer.exe
1756 C:\Windows\System32\svchost.exe
2032 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1292 C:\Windows\System32\svchost.exe
1776 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1948 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1552 C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
1936 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1700 C:\Windows\System32\conhost.exe
2236 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
2252 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
2276 C:\Windows\System32\TODDSrv.exe
2308 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2400 C:\Program Files\TOSHIBA\TECO\TecoService.exe
2456 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2512 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2556 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2704 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2776 C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
2784 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2840 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2868 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
3036 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
608 C:\Program Files\TOSHIBA\TECO\Teco.exe
2144 C:\Program Files\Windows Sidebar\sidebar.exe
3320 C:\Windows\System32\SearchIndexer.exe
3452 C:\Windows\System32\svchost.exe
3624 C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1399.0\mswinext.exe
3728 C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
3900 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3932 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3992 C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
4012 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
4084 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3988 C:\Windows\System32\taskeng.exe
4412 C:\Program Files\Windows Media Player\wmpnetwk.exe
4556 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
4676 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4868 C:\Windows\System32\svchost.exe
5056 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
5932 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
3044 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
760 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
5896 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
5856 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
3496 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
4596 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
5832 C:\Program Files (x86)\Nero\Update\NASvc.exe
5916 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
3908 C:\Windows\System32\svchost.exe
4860 C:\Windows\System32\wuauclt.exe
2960 WmiPrvSE.exe
5260 C:\Windows\System32\audiodg.exe
3676 dllhost.exe
4408 dllhost.exe
5220 C:\Users\AA\Downloads\MBRCheck.exe
3840 C:\Windows\System32\conhost.exe
5800 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`19100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003a`47800000 (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0001TSM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
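
The MBRCheck report above boils down to three checks: is the boot signature intact, does the boot-code hash match a known-good value, and which partitions map to which byte offsets. As an added example (not code from the thread or from MBRCheck), the Python below performs those checks on a constructed 512-byte MBR whose partition layout mirrors the offsets in the report; the 440-byte hashed region, the baseline table and the sample layout are assumptions.

```python
"""Check an MBR the way a tool like MBRCheck does: validate the boot signature,
hash the boot-code area against a baseline, and map partitions to byte offsets.
Added example; the hashed region, baseline and sample MBR are assumptions."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # assumption: hash bytes 0..439 (code before the disk signature)
PT_OFFSET = 446          # the four 16-byte partition entries start here
PT_ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA start, sectors


def boot_code_sha1(mbr: bytes) -> str:
    """SHA-1 of the boot-code area, upper-case hex like MBRCheck prints it."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty partition entries with their byte offsets on the disk."""
    entries = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = PT_ENTRY.unpack_from(mbr, PT_OFFSET + 16 * i)
        if ptype == 0:
            continue            # empty slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,      # 0x07 = NTFS, 0x27 = hidden Windows recovery partition
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,
        })
    return entries


def check_mbr(mbr: bytes, baseline: dict) -> dict:
    """Classify an MBR: invalid signature, known-good boot code, or unknown boot code."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xAA":
        return {"status": "invalid signature", "sha1": None, "label": None, "partitions": []}
    digest = boot_code_sha1(mbr)
    status = "known good" if digest in baseline else "unknown boot code"
    return {"status": status, "sha1": digest, "label": baseline.get(digest),
            "partitions": parse_partition_table(mbr)}


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR: fake boot code plus a partition layout mirroring
    the report (hidden recovery partition, C: at 0x19100000, D: at 0x3a47800000)."""
    code = (b"\xEB\x3C\x90" + b"CONSTRUCTED BOOT CODE - NOT REAL").ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"   # 4-byte disk signature + 2 reserved bytes
    total = 976_773_168                            # sectors on a 500 GB drive (constructed)
    c_start = 0x19100000 // SECTOR                 # 821248
    d_start = 0x3A47800000 // SECTOR               # 488882176
    table = b"".join([
        PT_ENTRY.pack(0x00, bytes(3), 0x27, bytes(3), 2048, c_start - 2048),
        PT_ENTRY.pack(0x80, bytes(3), 0x07, bytes(3), c_start, d_start - c_start),
        PT_ENTRY.pack(0x00, bytes(3), 0x07, bytes(3), d_start, total - d_start),
        bytes(16),
    ])
    mbr = code + disk_sig + table + b"\x55\xAA"
    assert len(mbr) == SECTOR
    return mbr


SAMPLE_MBR = build_sample_mbr()
# Baseline of trusted boot-code hashes. A real deployment would hold vendor hashes;
# here it holds only the constructed sample so the comparison can be demonstrated.
BASELINE = {boot_code_sha1(SAMPLE_MBR): "constructed Windows-7-style MBR (sample)"}


def tamper(mbr: bytes, offset: int = 0x40) -> bytes:
    """Return a copy with one boot-code byte changed, simulating an overwritten boot sector."""
    patched = bytearray(mbr)
    patched[offset] ^= 0xFF
    return bytes(patched)


if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_MBR), ("tampered", tamper(SAMPLE_MBR))):
        result = check_mbr(blob, BASELINE)
        print(name, result["status"], result["sha1"])
        for p in result["partitions"]:
            print(f"  #{p['index']} type 0x{p['type']:02X} at offset 0x{p['byte_offset']:x}")
```

Any change to the boot-code area moves the hash out of the baseline, which is the signal MBRCheck gives with its "MBR code detected" line.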

16.04.2011, 14:11   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags

16.04.2011, 23:40   #15
tim82

Here:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6375

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.04.2011 20:53:09
mbam-log-2011-04-16 (20-53-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 416758
Laufzeit: 58 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 04/16/2011 bei 11:56 PM

Version der Applikation : 4.50.1002

Version der Kern-Datenbank : 6854
Version der Spur-Datenbank : 4666

Scan Art : kompletter Scann
Totale Scann-Zeit : 02:40:52

Gescannte Speicherelemente : 838
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 13982
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 256840
Erfasste Datei-Elemente : 0
