
Log analysis and evaluation: "TR/Crypt.XPACK.Gen"

17.11.2010, 12:40   #1
Alp90



Hello!

As the thread title already shows, Avira tells me that my laptop is infected with the trojan(?) "TR/Crypt.XPACK.Gen".

The infected file is supposed to be C:\Users\NameXY\AppData\Local\Temp\EADC225.exe.

When I click remove, it tells me that it doesn't work!


Please help!



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:25:38, on 17.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\BisonCam\BisonAPP.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Athan\Athan.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Windows\SysWOW64\mfpmp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Athan] "C:\Program Files (x86)\Athan\Athan.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7588 bytes



Thanks!

17.11.2010, 18:49   #2
cosinus



Hello,

I recently had detections like these, with EADC files in the temp folder, in another case here too; as far as I could tell they turned out to be false positives.


But still, as a routine check, run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from earlier Malwarebytes scans, please post all of those as well!

Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

17.11.2010, 19:25   #3
Alp90



Many thanks for now!

The MBAM scan is running, 11 infected files so far.

I just wanted to mention that Avira has just shown a new alert:


C:\Users\XY\AppData\Local\Temp\EADFE2C.exe is supposedly infected as well.


Regards

17.11.2010, 20:17   #4
Alp90



Here are the results from MBAM

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5138

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

17.11.2010 21:09:58
mbam-log-2010-11-17 (21-09-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 230596
Laufzeit: 1 Stunde(n), 1 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.
C:\Program Files (x86)\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
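
An added example (not from this thread or from any of the tools used in it) that reads the HijackThis entries from post #1 against the MBAM findings from post #4: it maps the CLSID {B922D405-...} and the file paths MBAM removed back to the R3/O2/O3 entries that registered the toolbar, and separates those from orphaned registrations ("(no file)") and from entries MBAM did not touch, such as the conduit start page and the Spigot autostart, which a helper still has to look at by hand. The sample lines are copied from the logs above; the function and variable names are my own.

```python
import re

# Constructed sample input: a handful of HijackThis lines copied from the log
# in post #1 and MBAM result lines copied from post #4 of this thread.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613802
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
"""

MBAM_LOG = r"""
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
"""

# HijackThis lines: "<section> - <body>", e.g. "O2 - BHO: ...".
HJT_LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# MBAM result lines: "<registry key or path> (<family>) -> <action>".
MBAM_LINE_RE = re.compile(r"^(?P<key>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A Windows path ending in an executable, library or driver; "(x86)" is allowed.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys)\b", re.IGNORECASE)


def _ids(text):
    """Return (clsid, path) found in a line, both lower-cased for matching."""
    c = CLSID_RE.search(text)
    p = PATH_RE.search(text)
    return (c.group(0).lower() if c else None, p.group(0).lower() if p else None)


def parse_hjt(text):
    """Parse HijackThis lines into dicts with section, CLSID, path and orphan flag."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid, path = _ids(body)
        entries.append({
            "section": m.group("section"),
            "body": body,
            "clsid": clsid,
            "path": path,
            # HijackThis marks registrations whose target no longer exists.
            "orphan": "(no file)" in body or "(file missing)" in body,
        })
    return entries


def parse_mbam(text):
    """Parse MBAM result lines into dicts with family, action, CLSID and path."""
    findings = []
    for line in text.splitlines():
        m = MBAM_LINE_RE.match(line.strip())
        if not m:
            continue
        clsid, path = _ids(m.group("key"))
        findings.append({"key": m.group("key"), "family": m.group("family"),
                         "action": m.group("action"), "clsid": clsid, "path": path})
    return findings


def triage(hjt_text, mbam_text):
    """Split HijackThis entries into those MBAM's findings explain (same CLSID or
    same file), orphaned registrations, and everything else that still needs a
    human look."""
    family_by_id = {}
    for f in parse_mbam(mbam_text):
        for key in (f["clsid"], f["path"]):
            if key:
                family_by_id[key] = f["family"]
    result = {"confirmed": [], "orphans": [], "unmatched": []}
    for e in parse_hjt(hjt_text):
        family = family_by_id.get(e["clsid"]) or family_by_id.get(e["path"])
        if family:
            result["confirmed"].append((e["section"], family, e["clsid"] or e["path"]))
        elif e["orphan"]:
            result["orphans"].append(e)
        else:
            result["unmatched"].append(e)
    return result


if __name__ == "__main__":
    r = triage(HJT_LOG, MBAM_LOG)
    for section, family, ident in r["confirmed"]:
        print(f"{section}: registered {ident} -> removed by MBAM as {family}")
    for e in r["orphans"]:
        print(f"{e['section']}: orphaned entry {e['clsid']} (target missing)")
    for e in r["unmatched"]:
        print(f"{e['section']}: not covered by MBAM, review manually: {e['body'][:60]}")
```

On the sample above, the three pdfforge registrations (R3, O2, O3) come out as confirmed Adware.WidgiToolbar, the nameless BHO is reported as an orphan, and the conduit start page plus the Spigot autostart and service stay in the unmatched list.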

17.11.2010, 20:39   #5
Alp90



OTL Logfile:
Code:
OTL logfile created on: 17.11.2010 21:20:58 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\XY\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 74,61 Gb Free Space | 32,04% Space Free | Partition Type: NTFS
Drive D: | 310,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: XY-PC | User Name: XY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XY\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\XY\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Cam5603D) -- C:\Windows\SysNative\Drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV:64bit: - (smscirrx64) -- C:\Windows\SysNative\DRIVERS\smscirrx64.sys (SMSC)
DRV:64bit: - (WINIO) -- C:\Windows\SysNative\WinIo.sys (hxxp://www.internals.com)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613802&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {6813e189-51e7-4d89-a90d-b9c53f2119bb}:2.7.1.3
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.29 18:42:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.29 18:42:05 | 000,000,000 | ---D | M]
 
[2010.06.26 20:43:42 | 000,000,000 | ---D | M] -- C:\Users\XY\AppData\Roaming\mozilla\Extensions
[2010.11.17 12:51:24 | 000,000,000 | ---D | M] -- C:\Users\XY\AppData\Roaming\mozilla\Firefox\Profiles\hcid4f9c.default\extensions
[2010.09.28 22:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XY\AppData\Roaming\mozilla\Firefox\Profiles\hcid4f9c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.16 22:12:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\XY\AppData\Roaming\mozilla\Firefox\Profiles\hcid4f9c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.08 10:51:52 | 000,000,947 | ---- | M] () -- C:\Users\XY\AppData\Roaming\Mozilla\FireFox\Profiles\hcid4f9c.default\searchplugins\conduit.xml
[2010.11.16 19:41:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.10.02 16:38:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.02 16:38:42 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.02 16:38:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.02 16:38:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.02 16:38:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O4:64bit: - HKLM..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PowerManager] C:\Program Files (x86)\Power Manager\PM.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.07.31 17:32:03 | 000,000,971 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\aoesetup.exe -- [2002.07.31 17:32:03 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\directx\command - "" = D:\DIRECTX\DXSETUP.EXE -- [2002.07.31 17:32:03 | 000,096,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dplay\command - "" = D:\DIRECTX\DPLAY61A.EXE -- [2002.07.31 17:32:03 | 000,485,600 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxdiag\command - "" = D:\GOODIES\AR40DEU.EXE -- [2002.07.31 17:32:03 | 005,994,880 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxinfo\command - "" = D:\GOODIES\DIRECTX\DXINFO.EXE -- [2002.07.31 17:32:03 | 000,299,520 | R--- | M] (Microsoft Corp.)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxtest\command - "" = D:\DIRECTX\DXDIAG.EXE -- [2002.07.31 17:32:03 | 001,253,648 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxtool\command - "" = D:\GOODIES\DIRECTX\DXTOOL.EXE -- [2002.07.31 17:32:03 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\log\command - "" = D:\goodies\machine\machine.exe -- [2002.07.31 17:32:03 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\machine\command - "" = D:\GOODIES\MACHINE\MACHINE.EXE -- [2002.07.31 17:32:03 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\setup\command - "" = D:\aoesetup.exe -- [2002.07.31 17:32:03 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\zone\command - "" = D:\GOODIES\MSZONE\ZONEA600.EXE -- [2002.07.31 17:32:03 | 006,753,985 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.17 20:06:23 | 000,000,000 | ---D | C] -- C:\Users\XY\AppData\Roaming\Malwarebytes
[2010.11.17 20:06:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.17 20:06:11 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.17 20:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.17 20:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.17 13:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.11.16 19:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2010.11.16 19:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2010.11.16 16:46:12 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Neuer Ordner
[2010.11.14 21:45:32 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Dortmund
[2010.11.11 12:44:28 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Linn Krefeld
[2010.11.09 16:59:10 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Nermin Yeni Fotograflar
[2010.11.07 21:55:06 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Schloss Hülchrath
[2010.11.07 20:55:19 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Neuss
[2010.11.07 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Wuppertal
[2010.11.04 11:17:31 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Augsburg Sonbahar
[2010.11.04 11:17:14 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Augsburg
[2010.11.03 22:59:11 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Strazburg
[2010.11.03 22:58:48 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\BadenBaden
[2010.11.01 21:05:32 | 000,000,000 | ---D | C] -- C:\Users\XY\Documents\Meine empfangenen Dateien
[2010.10.27 08:40:37 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010.10.27 08:40:36 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010.10.27 08:40:33 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010.10.27 08:40:33 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010.10.27 08:40:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010.10.27 08:40:32 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010.10.26 17:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.10.26 15:45:03 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Sonbahar
[2010.10.25 16:00:32 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Krefeld
[2010.10.25 07:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.10.25 07:58:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2010.10.25 07:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2010.10.25 07:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.10.25 07:58:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022
[2010.10.25 07:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.10.25 07:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.10.24 21:11:13 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Krefeld Ev
[2010.10.24 15:26:57 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Frankfurt
[2010.10.24 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Bad Nauheim
[2010.10.22 09:44:55 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\geschihten
[2010.10.20 16:01:48 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Mettmann
[2010.10.20 12:30:07 | 000,000,000 | ---D | C] -- C:\Users\XY\Desktop\Nermin Eski Fotograflar
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.17 21:18:22 | 001,472,576 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.17 21:18:22 | 000,638,344 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.17 21:18:22 | 000,604,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.17 21:18:22 | 000,131,514 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.17 21:18:22 | 000,107,958 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.17 21:13:11 | 000,027,715 | ---- | M] () -- C:\Users\XY\AppData\Roaming\nvModes.001
[2010.11.17 21:12:30 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.17 21:12:30 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.17 21:12:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.17 21:10:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.17 20:06:16 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.17 19:30:59 | 000,022,038 | ---- | M] () -- C:\Windows\KernelMessage
[2010.11.17 13:25:22 | 000,002,567 | ---- | M] () -- C:\Users\XY\Desktop\HiJackThis.lnk
[2010.11.16 22:18:32 | 000,004,991 | ---- | M] () -- C:\Users\XY\Documents\koln111.rtf
[2010.11.16 20:57:15 | 000,000,506 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for XY.job
[2010.11.15 22:30:16 | 000,005,149 | ---- | M] () -- C:\Users\XY\Documents\koln11.rtf
[2010.11.14 19:42:22 | 001,671,381 | ---- | M] () -- C:\Users\XY\Desktop\klassischeBuecher_und_Gelehrte.pdf
[2010.11.14 11:42:48 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2010.11.13 11:33:01 | 000,009,787 | ---- | M] () -- C:\Users\XY\Documents\Dortmund.rtf
[2010.11.13 00:10:14 | 000,001,554 | ---- | M] () -- C:\Users\XY\Documents\dusseldorf.rtf
[2010.11.10 14:42:24 | 000,010,193 | ---- | M] () -- C:\Users\XY\Documents\koln1.rtf
[2010.11.09 17:05:52 | 000,018,944 | ---- | M] () -- C:\Users\XY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.08 11:24:40 | 000,001,420 | ---- | M] () -- C:\Users\XY\Documents\katedral.rtf
[2010.11.07 20:15:14 | 000,173,618 | ---- | M] () -- C:\Users\XY\Desktop\yad allahs.pdf
[2010.11.07 17:12:23 | 000,027,715 | ---- | M] () -- C:\Users\XY\AppData\Roaming\nvModes.dat
[2010.11.03 07:17:42 | 000,081,584 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.02 22:57:01 | 000,059,771 | ---- | M] () -- C:\Users\XY\Desktop\62396_439662678092_193073658092_5513689_3304719_n.jpg
[2010.11.01 17:36:43 | 000,106,974 | ---- | M] () -- C:\Users\XY\Desktop\236_MuhammadibnAbdulWahab.pdf
[2010.11.01 17:28:04 | 000,289,750 | ---- | M] () -- C:\Users\XY\Desktop\dhikr.pdf
[2010.11.01 16:12:22 | 000,002,423 | ---- | M] () -- C:\Users\XY\Desktop\Hadith.rtf
[2010.10.30 22:10:28 | 000,000,192 | ---- | M] () -- C:\Users\XY\Documents\muze.rtf
[2010.10.30 11:25:39 | 000,003,523 | ---- | M] () -- C:\Users\XY\Documents\Strasburg.rtf
[2010.10.25 07:58:16 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.10.25 07:58:13 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2010.11.17 20:06:16 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.17 13:23:55 | 000,002,567 | ---- | C] () -- C:\Users\XY\Desktop\HiJackThis.lnk
[2010.11.15 23:32:00 | 000,004,991 | ---- | C] () -- C:\Users\XY\Documents\koln111.rtf
[2010.11.14 19:42:22 | 001,671,381 | ---- | C] () -- C:\Users\XY\Desktop\klassischeBuecher_und_Gelehrte.pdf
[2010.11.14 11:42:47 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\WebReg Officejet 5600 series.job
[2010.11.12 23:09:44 | 000,001,554 | ---- | C] () -- C:\Users\XY\Documents\dusseldorf.rtf
[2010.11.11 14:56:21 | 000,009,787 | ---- | C] () -- C:\Users\XY\Documents\Dortmund.rtf
[2010.11.10 14:42:41 | 000,005,149 | ---- | C] () -- C:\Users\XY\Documents\koln11.rtf
[2010.11.08 11:26:49 | 000,010,193 | ---- | C] () -- C:\Users\XY\Documents\koln1.rtf
[2010.11.07 20:15:14 | 000,173,618 | ---- | C] () -- C:\Users\XY\Desktop\yad allahs.pdf
[2010.11.02 22:56:59 | 000,059,771 | ---- | C] () -- C:\Users\XY\Desktop\62396_439662678092_193073658092_5513689_3304719_n.jpg
[2010.11.01 17:36:43 | 000,106,974 | ---- | C] () -- C:\Users\XY\Desktop\236_MuhammadibnAbdulWahab.pdf
[2010.11.01 17:28:04 | 000,289,750 | ---- | C] () -- C:\Users\XY\Desktop\dhikr.pdf
[2010.11.01 16:12:22 | 000,002,423 | ---- | C] () -- C:\Users\XY\Desktop\Hadith.rtf
[2010.10.30 22:10:28 | 000,000,192 | ---- | C] () -- C:\Users\XY\Documents\muze.rtf
[2010.10.30 07:34:12 | 000,003,523 | ---- | C] () -- C:\Users\XY\Documents\Strasburg.rtf
[2010.10.27 21:47:47 | 000,001,420 | ---- | C] () -- C:\Users\XY\Documents\katedral.rtf
[2010.10.25 07:58:17 | 000,000,506 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for XY.job
[2010.10.25 07:58:16 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2010.10.25 07:58:13 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010.09.29 11:12:41 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll
[2010.09.29 11:12:41 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.09.29 11:12:41 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.07.10 21:39:11 | 000,023,413 | ---- | C] () -- C:\Users\XY\AppData\Roaming\__t.bin
[2010.06.28 14:04:35 | 000,002,479 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.06.27 20:22:40 | 000,018,944 | ---- | C] () -- C:\Users\XY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 20:19:53 | 000,443,528 | ---- | C] () -- C:\Users\XY\AppData\Local\dd_vcredistMSI4240.txt
[2010.06.26 20:19:53 | 000,013,978 | ---- | C] () -- C:\Users\XY\AppData\Local\dd_vcredistUI4240.txt
[2010.06.26 14:50:15 | 000,027,715 | ---- | C] () -- C:\Users\XY\AppData\Roaming\nvModes.001
[2010.06.26 14:50:12 | 000,027,715 | ---- | C] () -- C:\Users\XY\AppData\Roaming\nvModes.dat
[2010.06.26 14:35:58 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2010.06.26 14:26:27 | 000,000,680 | ---- | C] () -- C:\Users\XY\AppData\Local\d3d9caps.dat
[2010.06.26 14:22:44 | 000,000,732 | ---- | C] () -- C:\Users\XY\AppData\Local\d3d9caps64.dat
[2009.04.11 17:24:20 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.11 17:23:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2008.01.21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2002.07.31 17:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2001.02.15 19:43:14 | 000,143,447 | ---- | C] () -- C:\Windows\SysWow64\DispLayline.dll
[1999.11.16 10:57:08 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\Comdll32.DLL

< End of report >
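
The file lists above are the part of an OTL log where the original complaint (a company-less EADC225.exe in AppData\Local\Temp that Avira could not delete) would show up, and two entries in them are the kind a helper picks out by hand: an unsigned __t.bin under AppData\Roaming and an .ini whose name imitates a GUID but contains letters that are not hex (DCBC2A71-70D8-4DAN-EHR8-...). As an added example that is not part of the original thread or of OTL, the following Python parses OTL file-list lines and applies those two checks. The sample lines are copied from the log above, except the last one, which is a constructed entry (assumed size and timestamp) for the file named in the first post; the list of user-writable directories and suspect extensions is an assumption for illustration.

```python
import re
from datetime import datetime

# One OTL file-list line, e.g.
# [2010.07.10 21:39:11 | 000,023,413 | ---- | C] () -- C:\Users\XY\AppData\Roaming\__t.bin
# fields: timestamp | size | attributes | C(reated)/M(odified) ] (company) -- path
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Directories a limited user can write to (lower-case, matched as substrings).
# A company-less binary here is the usual home of a dropper; the file Avira
# flagged in this thread lived in AppData\Local\Temp. Assumed list.
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata\roaming", r"\appdata\local",
                 r"\downloads", r"\users\public")
SUSPECT_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".bin")
# 8-4-4-4-12 groups shaped like a GUID; a real GUID is hex only.
GUID_SHAPE = re.compile(r"^([0-9a-z]{8})-([0-9a-z]{4})-([0-9a-z]{4})-([0-9a-z]{4})-([0-9a-z]{12})\b")


def parse_otl_file_line(line):
    """Return the fields of one OTL file-list line as a dict, or None for other lines."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["timestamp"] = datetime.strptime(rec.pop("ts"), "%Y.%m.%d %H:%M:%S")
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec


def looks_like_fake_guid(name):
    """True for a file name shaped like a GUID but containing non-hex letters."""
    m = GUID_SHAPE.match(name.lower())
    return bool(m) and any(re.search(r"[g-z]", g) for g in m.groups())


def triage(lines):
    """Return (path, [reasons]) for every file-list line worth a closer look."""
    findings = []
    for line in lines:
        rec = parse_otl_file_line(line)
        if rec is None:
            continue
        path = rec["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        reasons = []
        if (rec["company"] == "" and name.endswith(SUSPECT_EXT)
                and any(d in path for d in USER_WRITABLE)):
            reasons.append("company-less binary in a user-writable directory")
        if looks_like_fake_guid(name):
            reasons.append("GUID-shaped name with non-hex characters")
        if reasons:
            findings.append((rec["path"], reasons))
    return findings


# Sample input: four lines copied from the OTL log above plus one constructed
# entry (assumed size and time) for the file Avira reported in the first post.
SAMPLE_LINES = [
    r"[2010.11.03 07:17:42 | 000,081,584 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys",
    r"[2010.11.17 20:06:16 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk",
    r"[2010.07.10 21:39:11 | 000,023,413 | ---- | C] () -- C:\Users\XY\AppData\Roaming\__t.bin",
    r"[2010.06.27 20:22:40 | 000,018,944 | ---- | C] () -- C:\Users\XY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini",
    r"[2010.11.17 12:30:00 | 000,061,440 | ---- | C] () -- C:\Users\XY\AppData\Local\Temp\EADC225.exe",  # constructed
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LINES):
        print(path, "->", "; ".join(why))
```

The Avira driver passes because it carries a company name and sits under SysNative; the Malwarebytes shortcut passes because .lnk is not an executable type. Anything the script flags still has to be looked at by hand: a fake-GUID name is a naming convention, not proof of malware, and a legitimate installer may well leave a company-less .bin in AppData.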
         

17.11.2010, 20:44   #6
Alp90

OTL EXTRAS Logfile:

OTL Extras logfile created on: 17.11.2010 21:20:58 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\XY\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 74,61 Gb Free Space | 32,04% Space Free | Partition Type: NTFS
Drive D: | 310,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: XY-PC | User Name: XY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
"VistaSp2" = 00 AF B5 BE C4 BA C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081C5A19-38F1-4CDB-BA5E-994FC047FE39}" = rport=445 | protocol=6 | dir=out | app=system | 
"{13377F9F-7E79-4CAC-B709-F0FFC4E2A101}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FEB6D93-25F3-4CEC-985E-9861D7023247}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5E6407F6-0799-48DF-A3F5-21213B031D9B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6125BFEB-65F3-45B1-8606-363984EC97C5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{77C6CC02-0655-4044-88C5-AA2C62CAA1E3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A074CB0E-0B46-4862-9B54-355D0112DCAD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B0688B91-B8AF-42AB-A1C0-9CA07CD6D228}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BCF14C2D-71BE-4075-899B-EAAFFCA1A66C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BE1754DE-D95A-45F5-BE2E-412FA4B7C09B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C909E2D0-EC49-4F85-A017-AA30BE08ED75}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C9BC91D1-525B-41DC-9B63-7C9174DF4B90}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D58F19D3-03B7-4A12-8A7E-20C61934053C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DC435F22-3BBC-4D20-87DF-1C55FBB3EB4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{265B0625-93F0-4E84-9990-EE15145FD3F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{38B86D69-FFA9-4DF0-9FD7-23E77C0A9B5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4F37550C-74DF-450D-AAEC-63F2D451A88A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{52845D25-EC56-464F-BE12-57F32025E873}" = protocol=17 | dir=in | app=d:\alicesetup.exe | 
"{56293037-0978-48CE-A2B3-8B64EF10F4D2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{61372077-EABD-4799-B550-2661CE5850A2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A3175D8A-9F3F-4038-8371-F9D0FCE62668}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AC3BECE0-9715-4005-BE89-39E453FCAEFD}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{BC04D75A-02FC-4A8E-A667-6C0088E9320B}" = protocol=6 | dir=in | app=d:\alicesetup.exe | 
"{C62F560F-F9E7-43CD-BDA1-B09A6B8E1509}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"TCP Query User{2FCFCAD4-4070-4A17-ADDC-24FA8DC84302}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{37F6AEB4-D543-43BB-B141-699341FD4832}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{A0E6CCDA-0E08-4D99-826C-A3B724671DD2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{E73AA3C5-BEBC-4228-B761-A8279EC7CDEF}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{008CBBA5-3236-4482-824B-B95CEE30CF95}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{0455D09B-6F1B-4658-B76F-95FDF70F4126}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{6D1B9648-B141-4DC7-9C94-D1777BA7A191}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{89CA535C-7FF3-4EC6-9C7C-5CCAACDF4247}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6D7AED4A30ABE45AFA06FB0B660D7C60C13E28F0" = Windows-Treiberpaket - SMSC (smscirrx64) HIDClass  (02/02/2007 6.1.6000.0)
"D9C2CADBCACF6F12970B98531B829B14456435B3" = Windows Driver Package - Silicon Integrated Systems Corp.(1.11.03) (SIS163u) Net  (05/07/2007 6.0.1039.1110)
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"OEMInformation" = OEM Logo and Information
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600
"{111E336D-30BF-4CD4-8D69-4541732AFB27}" = Peter Jackson's King Kong - The Official Game of the Movie
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Bison WebCam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}" = pdfforge Toolbar v4.1
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.26
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Athan" = Athan Basic 3.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"EADM" = EA Download Manager
"Free FLV Converter_is1" = Free FLV Converter V 6.91.0
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"IsoBuster_is1" = IsoBuster 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NSS" = Norton Security Scan
"Power Manager_is1" = Power Manager 2.1.7
"TeamViewer 5" = TeamViewer 5
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.1.2
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.10.2010 05:23:46 | Computer Name = XY-PC | Source = RapiMgr | ID = 8
Description = The connection to the Windows Mobile-based device failed because of
 error Receive Connection (0x80070490). (See the data for more information on the error code.)
 
Error - 12.10.2010 05:24:23 | Computer Name = XY-PC | Source = RapiMgr | ID = 6
Description = A Windows Mobile-based USB device is connected, but no network
 connection to the desktop could be established.
 
Error - 12.10.2010 05:29:54 | Computer Name = XY-PC | Source = RapiMgr | ID = 8
Description = The connection to the Windows Mobile-based device failed because of
 error Receive Connection (0x80070490). (See the data for more information on the error code.)
 
Error - 12.10.2010 09:51:01 | Computer Name = XY-PC | Source = RapiMgr | ID = 6
Description = A Windows Mobile-based USB device is connected, but no network
 connection to the desktop could be established.
 
Error - 12.10.2010 09:56:32 | Computer Name = XY-PC | Source = RapiMgr | ID = 6
Description = A Windows Mobile-based USB device is connected, but no network
 connection to the desktop could be established.
 
Error - 12.10.2010 10:01:04 | Computer Name = XY-PC | Source = RapiMgr | ID = 8
Description = The connection to the Windows Mobile-based device failed because of
 error Receive Connection (0x80070490). (See the data for more information on the error code.)
 
Error - 02.11.2010 15:43:25 | Computer Name = XY-PC | Source = VSS | ID = 12289
Description = 
 
Error - 02.11.2010 15:43:25 | Computer Name = XY-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 14.11.2010 05:16:20 | Computer Name = XY-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Users\XY\Downloads\SoftonicDownloader62459.exe".
 Error in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active. The conflicting components are:
 Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
Error - 17.11.2010 16:19:53 | Computer Name = XY-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Users\XY\Downloads\SoftonicDownloader62459.exe".
 Error in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active. The conflicting components are:
 Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
 
[ System Events ]
Error - 23.09.2010 08:37:05 | Computer Name = XY-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.72 for the network card with network address
 001644BCC53B has been denied by the DHCP server 0.0.0.0 (the DHCP server sent a DHCPNACK message).
 
Error - 23.09.2010 08:46:17 | Computer Name = XY-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.178.20 for the network card with network address
 001644BCC53B has been denied by the DHCP server 192.168.1.1 (the DHCP server sent a DHCPNACK message).
 
Error - 24.09.2010 10:00:47 | Computer Name = XY-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:44:57 on 24.09.2010 was unexpected.
 
Error - 24.09.2010 14:59:59 | Computer Name = XY-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.09.2010 13:07:53 | Computer Name = XY-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:07:18 on 27.09.2010 was unexpected.
 
Error - 28.09.2010 05:43:15 | Computer Name = XY-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:41:15 on 28.09.2010 was unexpected.
 
Error - 28.09.2010 15:35:51 | Computer Name = XY-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 21:23:05 on 28.09.2010 was unexpected.
 
Error - 02.10.2010 14:49:01 | Computer Name = XY-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:51:10 on 02.10.2010 was unexpected.
 
Error - 04.10.2010 01:15:34 | Computer Name = XY-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:49:43 on 03.10.2010 was unexpected.
 
Error - 05.10.2010 16:17:49 | Computer Name = XY-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:16:01 on 05.10.2010 was unexpected.
 
 
< End of report >
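
An OTL Extras log is read for two things in particular: whether the default shell handlers for executables (the "Shell Spawning" section) still point at "%1" %*, and which programs hold inbound firewall exceptions. In the log above the spawning entries match the defaults (the "File not found" OTL appends to "%1" %* is normal, since "%1" is not a real path), and the exception list contains two inbound rules for d:\alicesetup.exe, an installer on the CD drive (D: is a CDFS volume according to the header). As an added example that is not part of the thread or of OTL, the following Python does both checks over lines copied from the log above, plus one constructed, hijacked exefile entry; the table of expected defaults and the list of trusted program locations are assumptions for illustration.

```python
import re

# Default handlers on Windows Vista/7 for the executable classes OTL lists
# under "Shell Spawning" (assumed table). OTL appends "File not found" to
# them because "%1" is not a real path; that suffix is normal, a different
# command string is not (some malware rewrites exefile\shell\open\command so
# that its own binary runs before every .exe).
EXPECTED_SHELL = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}
SHELL_RE = re.compile(
    r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*?)"
    r"(?: \((?P<company>[^)]*)\)| File not found)?$"
)
FW_RE = re.compile(r'^"(?P<id>[^"]+)" = (?P<fields>.*)$')
# Where an inbound allow rule is expected to point (assumption for this example).
TRUSTED_APP_PREFIXES = (r"c:\program files", r"c:\windows", "%systemroot%",
                        "system", "svchost.exe")


def check_shell_spawning(lines):
    """Return (class, verb, command) for each default handler that has been changed."""
    changed = []
    for line in lines:
        m = SHELL_RE.match(line.strip())
        if m and (m["cls"], m["verb"]) in EXPECTED_SHELL:
            if m["cmd"] != EXPECTED_SHELL[(m["cls"], m["verb"])]:
                changed.append((m["cls"], m["verb"], m["cmd"]))
    return changed


def parse_fw_rule(line):
    """Split one FirewallRules line into a dict of its key=value fields."""
    m = FW_RE.match(line.strip())
    if not m:
        return None
    rule = {"id": m["id"]}
    for part in m["fields"].split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            rule[key.strip()] = value.strip()
    return rule


def unexpected_inbound_apps(lines):
    """Inbound allow rules whose program sits outside the usual install locations."""
    hits = []
    for line in lines:
        rule = parse_fw_rule(line)
        if rule and rule.get("dir") == "in" and "app" in rule:
            app = rule["app"].lower()
            if not app.startswith(TRUSTED_APP_PREFIXES):
                hits.append((rule["id"], app))
    return hits


# Sample input: lines copied from the Extras log above; the last shell line is
# a constructed hijack (the path is made up for the example).
SHELL_SAMPLE = [
    r'exefile [open] -- "%1" %* File not found',
    r'scrfile [open] -- "%1" /S File not found',
    r'scrfile [config] -- "%1" File not found',
    r'inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)',
    r'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\Users\XY\AppData\Local\Temp\EADC225.exe" "%1" %* File not found',  # constructed
]
FW_SAMPLE = [
    r'"{A074CB0E-0B46-4862-9B54-355D0112DCAD}" = lport=445 | protocol=6 | dir=in | app=system | ',
    r'"{DC435F22-3BBC-4D20-87DF-1C55FBB3EB4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ',
    r'"{4F37550C-74DF-450D-AAEC-63F2D451A88A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | ',
    r'"{52845D25-EC56-464F-BE12-57F32025E873}" = protocol=17 | dir=in | app=d:\alicesetup.exe | ',
    r'"{BC04D75A-02FC-4A8E-A667-6C0088E9320B}" = protocol=6 | dir=in | app=d:\alicesetup.exe | ',
    r'"{A0E6CCDA-0E08-4D99-826C-A3B724671DD2}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | ',
]

if __name__ == "__main__":
    print("changed shell handlers:", check_shell_spawning(SHELL_SAMPLE))
    print("inbound rules outside trusted paths:", unexpected_inbound_apps(FW_SAMPLE))
```

A rule for a program on removable media is not an infection by itself (here it is an installer that was run from a CD once), but such rules outlive the program and are worth removing. The handler check deliberately covers only the executable classes; OTL prints "Reg Error: Key error" for helpfile, htmlfile, regfile and txtfile on many clean 64-bit systems, so those lines are not a useful signal.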
         

18.11.2010, 22:31   #7
Alp90

Could someone maybe take a look? =)

19.11.2010, 07:46   #8
cosinus

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along too!!!)

:OTL
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.07.31 17:32:03 | 000,000,971 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\aoesetup.exe -- [2002.07.31 17:32:03 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\directx\command - "" = D:\DIRECTX\DXSETUP.EXE -- [2002.07.31 17:32:03 | 000,096,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dplay\command - "" = D:\DIRECTX\DPLAY61A.EXE -- [2002.07.31 17:32:03 | 000,485,600 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxdiag\command - "" = D:\GOODIES\AR40DEU.EXE -- [2002.07.31 17:32:03 | 005,994,880 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxinfo\command - "" = D:\GOODIES\DIRECTX\DXINFO.EXE -- [2002.07.31 17:32:03 | 000,299,520 | R--- | M] (Microsoft Corp.)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxtest\command - "" = D:\DIRECTX\DXDIAG.EXE -- [2002.07.31 17:32:03 | 001,253,648 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\dxtool\command - "" = D:\GOODIES\DIRECTX\DXTOOL.EXE -- [2002.07.31 17:32:03 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\log\command - "" = D:\goodies\machine\machine.exe -- [2002.07.31 17:32:03 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\machine\command - "" = D:\GOODIES\MACHINE\MACHINE.EXE -- [2002.07.31 17:32:03 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\setup\command - "" = D:\aoesetup.exe -- [2002.07.31 17:32:03 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\zone\command - "" = D:\GOODIES\MSZONE\ZONEA600.EXE -- [2002.07.31 17:32:03 | 006,753,985 | R--- | M] ()
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

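The fix script above has three parts: the ":OTL" section lists scan items (an empty O4 Run value, the CD-ROM AutoRun setting and the MountPoints2 entries a game CD left behind) that OTL is to undo, and the ":Commands" section runs its built-in clean-ups. As an added example that is not part of the thread or of OTL's own code, the following Python turns such a script into the list of actions OTL carries out, and tallies the result log OTL writes afterwards. The sample script is the one posted above, shortened to one MountPoints2 line per kind; the sample result log is taken from the first lines of the fix log in the following post. The mapping of items to registry paths reproduces what that log shows and is otherwise an assumption.

```python
import re

# An OTL fix script is plain text split into sections (":OTL", ":Commands",
# ":Files", ...). Under ":OTL" every line is an item copied from an OTL scan
# (O4 autostart, O32 CD autorun, O33 MountPoints2 entry); listing it tells
# OTL to undo that item. plan_fix() only reads the script; it touches nothing.
SECTION_RE = re.compile(r"^:(?P<name>[A-Za-z]+)\s*$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]")
O32_RE = re.compile(r"^O32 - (?P<what>.+?) - (?P<value>.*)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\(?P<sub>\S+) - "" = (?P<cmd>.+?)(?: -- \[.*)?$')
FILE_IN_VALUE_RE = re.compile(r"\) - (?P<path>[A-Za-z]:\\.+?) -- \[")
MOUNTPOINTS2 = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
CDROM_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\Cdrom"  # as reported in the fix log


def plan_fix(script):
    """Translate an OTL fix script into the actions OTL would carry out, in order."""
    actions, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec["name"].lower()
            continue
        if section == "otl":
            if m := O4_RE.match(line):
                key = m["hive"] + r"\Software\Microsoft\Windows\CurrentVersion" + "\\" + m["key"]
                actions.append(("delete_value", key, m["name"]))
            elif m := O33_RE.match(line):
                # OTL removes the GUID key under MountPoints2 and moves the
                # referenced file out of the way when the value names one.
                actions.append(("delete_key", MOUNTPOINTS2 + "\\" + m["guid"]))
                if re.match(r"^[A-Za-z]:\\", m["cmd"]):
                    actions.append(("move_file", m["cmd"]))
            elif m := O32_RE.match(line):
                if m["what"].endswith("CDRom: AutoRun"):
                    actions.append(("reset_value", CDROM_KEY, "AutoRun"))
                elif f := FILE_IN_VALUE_RE.search(m["value"]):
                    actions.append(("move_file", f["path"]))
        elif section == "commands" and line.startswith("[") and line.endswith("]"):
            actions.append(("command", line[1:-1]))
    return actions


def summarize_fix_log(log_text):
    """Tally the result log OTL writes: done now, deferred to reboot, already absent."""
    tally = {"done": 0, "on_reboot": 0, "not_found": 0}
    for line in log_text.splitlines():
        if "scheduled to be moved on reboot" in line:
            tally["on_reboot"] += 1
        elif "successfully" in line:
            tally["done"] += 1
        elif line.rstrip().endswith("not found."):
            tally["not_found"] += 1
    return tally


# Sample input: the fix posted above, shortened to one O33 line per kind.
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.07.31 17:32:03 | 000,000,971 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\aoesetup.exe -- [2002.07.31 17:32:03 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\setup\command - "" = D:\aoesetup.exe -- [2002.07.31 17:32:03 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\Shell\zone\command - "" = D:\GOODIES\MSZONE\ZONEA600.EXE -- [2002.07.31 17:32:03 | 006,753,985 | R--- | M] ()
:Commands
[purity]
[resethosts]
[emptytemp]
"""

# Sample input: the first lines of the result log in the following post.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
"""

if __name__ == "__main__":
    for action in plan_fix(FIX_SCRIPT):
        print(action)
    print(summarize_fix_log(FIX_LOG))
```

Two things the plan makes visible: every O33 line names the same GUID key, so OTL deletes it on the first line and reports "not found" for the rest, and every file it tries to move lives on D:, which the Extras log shows as a CDFS volume. Moves from a read-only CD can only ever end up "scheduled to be moved on reboot", and the entries themselves are leftovers of an Age of Empires CD rather than an infection. The part of this fix that matters for the original complaint is the command section: [emptytemp] clears the Temp directory in which Avira found the flagged file, and [resethosts] restores the hosts file.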
19.11.2010, 19:08   #9
Alp90

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\AOESETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\DIRECTX\DXSETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\DIRECTX\DPLAY61A.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\AR40DEU.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\DIRECTX\DXINFO.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\DIRECTX\DXDIAG.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\DIRECTX\DXTOOL.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\MACHINE\MACHINE.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\MACHINE\MACHINE.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\AOESETUP.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48edc911-8124-11df-b7a4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48edc911-8124-11df-b7a4-806e6f6e6963}\ not found.
File move failed. D:\GOODIES\MSZONE\ZONEA600.EXE scheduled to be moved on reboot.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: XY
->Temp folder emptied: 20302757 bytes
->Temporary Internet Files folder emptied: 130333225 bytes
->FireFox cache emptied: 72094575 bytes
->Flash cache emptied: 23613 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55941 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 485765960 bytes

Total Files Cleaned = 676,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11192010_200024

Files\Folders moved on Reboot...
File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. D:\AOESETUP.EXE scheduled to be moved on reboot.
File move failed. D:\DIRECTX\DXSETUP.EXE scheduled to be moved on reboot.
File move failed. D:\DIRECTX\DPLAY61A.EXE scheduled to be moved on reboot.
File move failed. D:\GOODIES\AR40DEU.EXE scheduled to be moved on reboot.
File move failed. D:\GOODIES\DIRECTX\DXINFO.EXE scheduled to be moved on reboot.
File move failed. D:\DIRECTX\DXDIAG.EXE scheduled to be moved on reboot.
File move failed. D:\GOODIES\DIRECTX\DXTOOL.EXE scheduled to be moved on reboot.
File move failed. D:\GOODIES\MACHINE\MACHINE.EXE scheduled to be moved on reboot.
File move failed. D:\GOODIES\MSZONE\ZONEA600.EXE scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\XY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Alt 19.11.2010, 19:31   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on your desktop.
Please post the contents of that .txt document.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 20.11.2010, 21:16   #11
Alp90

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Xa 2528
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 157):
0x0244A000 \SystemRoot\system32\ntoskrnl.exe
0x02404000 \SystemRoot\system32\hal.dll
0x0060F000 \SystemRoot\system32\kdcom.dll
0x00619000 \SystemRoot\system32\PSHED.dll
0x0062D000 \SystemRoot\system32\CLFS.SYS
0x0068A000 \SystemRoot\system32\CI.dll
0x0080A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00A06000 \SystemRoot\System32\Drivers\sppu.sys
0x00B3A000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00B43000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00B71000 \SystemRoot\system32\drivers\acpi.sys
0x00BC7000 \SystemRoot\system32\drivers\msisadrv.sys
0x008F2000 \SystemRoot\system32\drivers\pci.sys
0x00BD1000 \SystemRoot\System32\drivers\partmgr.sys
0x00BE6000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00BEA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00922000 \SystemRoot\system32\drivers\volmgr.sys
0x00936000 \SystemRoot\System32\drivers\volmgrx.sys
0x00BF6000 \SystemRoot\system32\drivers\pciide.sys
0x0099C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009AC000 \SystemRoot\System32\drivers\mountmgr.sys
0x009BF000 \SystemRoot\system32\drivers\atapi.sys
0x009C7000 \SystemRoot\system32\drivers\ataport.SYS
0x009EB000 \SystemRoot\system32\drivers\nvstor.sys
0x0073C000 \SystemRoot\system32\drivers\storport.sys
0x00799000 \SystemRoot\system32\drivers\fltmgr.sys
0x007E0000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C03000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0F000 \SystemRoot\system32\drivers\ndis.sys
0x00C8A000 \SystemRoot\system32\drivers\msrpc.sys
0x00CDA000 \SystemRoot\system32\drivers\NETIO.SYS
0x0100D000 \SystemRoot\System32\drivers\tcpip.sys
0x01183000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01208000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01388000 \SystemRoot\system32\drivers\volsnap.sys
0x013CC000 \SystemRoot\System32\Drivers\spldr.sys
0x013D4000 \SystemRoot\System32\Drivers\mup.sys
0x011AF000 \SystemRoot\System32\drivers\ecache.sys
0x00FD2000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x013E6000 \SystemRoot\system32\drivers\disk.sys
0x00D33000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x011DB000 \SystemRoot\system32\drivers\crcdisk.sys
0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00E00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x00D82000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x02C0F000 \SystemRoot\system32\DRIVERS\athrx.sys
0x02E0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03804000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x038E7000 \SystemRoot\System32\drivers\watchdog.sys
0x038F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0390D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0391B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03927000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0392C000 \SystemRoot\system32\DRIVERS\smscirrx64.sys
0x0393E000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x03948000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03953000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03999000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x039AA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x039C6000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x039D8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x03A0E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03C02000 \SystemRoot\system32\DRIVERS\nvm60x64.sys
0x03D22000 \SystemRoot\System32\Drivers\a3xb3rnx.SYS
0x03D64000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x03D9D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03DAA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03DCD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03AFB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03DD9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03B2C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03B4A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03B62000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x03DE9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03DFC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0373E000 \SystemRoot\system32\DRIVERS\ks.sys
0x039E8000 \SystemRoot\system32\DRIVERS\circlass.sys
0x03A00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03772000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03782000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x037CA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0420D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04301000 \SystemRoot\system32\drivers\portcls.sys
0x0433C000 \SystemRoot\system32\drivers\drmk.sys
0x0435F000 \SystemRoot\system32\drivers\ksthunk.sys
0x04365000 \SystemRoot\system32\DRIVERS\VSTAZL6.SYS
0x0440B000 \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
0x04609000 \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
0x046D0000 \SystemRoot\system32\drivers\modem.sys
0x046DF000 \SystemRoot\system32\DRIVERS\hidir.sys
0x046EA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x046FC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04704000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0470F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0471A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x04724000 \SystemRoot\System32\Drivers\Null.SYS
0x0472D000 \SystemRoot\System32\drivers\vga.sys
0x0473B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04760000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04769000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0476B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04774000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0477D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04788000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04799000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x047A2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x047BF000 \SystemRoot\system32\DRIVERS\smb.sys
0x04589000 \SystemRoot\system32\drivers\afd.sys
0x043B6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x047DA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x037DE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x047F8000 \??\C:\Windows\system32\WinIo.sys
0x02D74000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02D8F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x045F4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04A0A000 \SystemRoot\system32\drivers\csc.sys
0x04A80000 \SystemRoot\System32\Drivers\dfsc.sys
0x04A9D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x04ABF000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x04ACD000 \SystemRoot\System32\Drivers\bthport.sys
0x04B7B000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x04BAC000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x04BB9000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x04ECA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x04EE6000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04EF4000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x04EFE000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x04F0E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x04F21000 \SystemRoot\System32\drivers\Dxapi.sys
0x04F2D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004A0000 \SystemRoot\System32\TSDDD.dll
0x00670000 \SystemRoot\System32\cdd.dll
0x04F40000 \SystemRoot\system32\drivers\luafv.sys
0x04F62000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x09802000 \SystemRoot\system32\drivers\spsys.sys
0x0989C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x098B0000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x098E4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x098EF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x09907000 \SystemRoot\system32\drivers\HTTP.sys
0x099AA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x099D3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04F7F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04F99000 \SystemRoot\system32\drivers\mrxdav.sys
0x04FC0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x00D96000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04BD8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09E01000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09E33000 \SystemRoot\System32\DRIVERS\srv.sys
0x09EC7000 \SystemRoot\system32\drivers\peauth.sys
0x09F7D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x09F88000 \SystemRoot\System32\drivers\tcpipreg.sys
0x04E00000 \SystemRoot\System32\Drivers\BisonCam.sys
0x09FBA000 \SystemRoot\System32\Drivers\STREAM.SYS
0x77AF0000 \Windows\System32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
492 C:\Windows\System32\smss.exe
560 csrss.exe
604 C:\Windows\System32\wininit.exe
624 csrss.exe
660 C:\Windows\System32\services.exe
688 C:\Windows\System32\winlogon.exe
704 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
872 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
304 C:\Windows\System32\svchost.exe
380 C:\Windows\System32\svchost.exe
432 C:\Windows\System32\svchost.exe
616 C:\Windows\System32\audiodg.exe
880 C:\Windows\System32\SLsvc.exe
1060 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\svchost.exe
1580 C:\Windows\System32\spoolsv.exe
1624 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1632 C:\Windows\System32\taskeng.exe
1640 C:\Windows\System32\dwm.exe
1648 C:\Windows\explorer.exe
1680 C:\Windows\System32\svchost.exe
1956 C:\Program Files\Windows Defender\MSASCui.exe
1964 C:\Windows\RAVCpl64.exe
1972 C:\Windows\BisonCam\BisonAPP.exe
1308 C:\Windows\System32\rundll32.exe
1316 C:\Program Files (x86)\Power Manager\PM.exe
1508 C:\Windows\WindowsMobile\wmdSync.exe
1512 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
2072 C:\Windows\System32\rundll32.exe
2080 C:\Windows\ehome\ehtray.exe
2144 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2224 C:\Windows\ehome\ehmsas.exe
2376 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2384 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
2444 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2640 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2704 C:\Program Files (x86)\Athan\Athan.exe
2716 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
2752 C:\Windows\System32\svchost.exe
2784 C:\Windows\SysWOW64\svchost.exe
2844 C:\Windows\System32\svchost.exe
2952 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
2968 C:\Windows\System32\svchost.exe
2984 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
3012 C:\Windows\System32\svchost.exe
2688 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
3000 C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
2120 C:\Windows\System32\svchost.exe
3724 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
1900 C:\Program Files\Windows Media Player\wmpnscfg.exe
3004 C:\Program Files\Windows Media Player\wmpnetwk.exe
2104 C:\Windows\System32\taskeng.exe
4368 C:\Windows\System32\svchost.exe
3284 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2892 C:\Windows\explorer.exe
1912 C:\Users\XY\Downloads\MBRCheck.exe
4648 C:\Windows\SysWOW64\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDC WD2500BEVS-00UST, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
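The SHA1 line in the MBRCheck output above is a hash of the master boot record, and the "at offset 0x...7e00" line is the byte offset where the C: partition starts. As an added illustration, not code from the thread, from MBRCheck or from any other tool used here, the following PowerShell script reads the boot sector itself, hashes it two ways and decodes the partition table. The drive path and the baseline hash are assumptions (the baseline is a placeholder); the thread does not state which bytes MBRCheck's own SHA1 covers, so any baseline you compare against must be produced by the same method.

```powershell
# Added example, not code from the thread or from MBRCheck: read the first sector
# of the boot disk and hash it, so an MBR can be compared against a baseline taken
# from a known-clean machine. Must run in an elevated PowerShell on Windows; raw
# access to \\.\PhysicalDrive0 is refused otherwise.
param(
    [string]$Drive = '\\.\PhysicalDrive0',
    # Placeholder baseline (not a real hash); record your own on a clean system.
    [string]$KnownGoodBootCodeSha1 = '<KNOWN-GOOD-SHA1-PLACEHOLDER>'
)

function Get-MbrSector {
    # Returns the 512-byte master boot record of the given physical drive.
    param([string]$Path)
    $fs = New-Object System.IO.FileStream($Path,
        [System.IO.FileMode]::Open,
        [System.IO.FileAccess]::Read,
        [System.IO.FileShare]::ReadWrite)
    try {
        $mbr = New-Object byte[] 512
        $read = $fs.Read($mbr, 0, 512)
        if ($read -ne 512) { throw "Short read from ${Path}: got $read bytes" }
    } finally {
        $fs.Dispose()
    }
    # A standard MBR ends with the 0x55 0xAA boot signature.
    if ($mbr[510] -ne 0x55 -or $mbr[511] -ne 0xAA) {
        Write-Warning 'Boot signature 55AA missing; sector is not a standard MBR.'
    }
    return $mbr
}

function Get-Sha1Hex {
    # Uppercase hex SHA1 of a byte array, in the style MBRCheck prints.
    param([byte[]]$Bytes)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try { $hash = $sha1.ComputeHash($Bytes) } finally { $sha1.Dispose() }
    return ($hash | ForEach-Object { $_.ToString('X2') }) -join ''
}

$mbr = Get-MbrSector -Path $Drive

# MBR layout: bytes 0-439 bootstrap code, 440-443 disk signature, 444-445 reserved,
# 446-509 four 16-byte partition entries, 510-511 boot signature.
# Disk signature and partition table differ on every machine, so only the
# bootstrap code is comparable across systems; both hashes are shown here.
$bootCode = $mbr[0..439]
$fullSha1 = Get-Sha1Hex -Bytes $mbr
$codeSha1 = Get-Sha1Hex -Bytes $bootCode

"Full 512-byte sector SHA1  : $fullSha1"
"Bootstrap code (0-439) SHA1: $codeSha1"

# Decode the partition table; the byte offset of the active entry corresponds to
# the 'at offset' line in the MBRCheck output (0x7e00 = sector 63 * 512 bytes).
for ($i = 0; $i -lt 4; $i++) {
    $e = 446 + 16 * $i
    $type = $mbr[$e + 4]
    if ($type -eq 0) { continue }                      # empty entry
    $startLba = [int64][BitConverter]::ToUInt32($mbr, $e + 8)
    $sectors  = [int64][BitConverter]::ToUInt32($mbr, $e + 12)
    $boot = if ($mbr[$e] -eq 0x80) { 'active' } else { 'inactive' }
    "Partition {0}: type 0x{1:X2}, {2}, start LBA {3} (byte offset 0x{4:X}), {5} sectors" -f `
        ($i + 1), $type, $boot, $startLba, ($startLba * 512), $sectors
}

if ($codeSha1 -eq $KnownGoodBootCodeSha1) {
    'Bootstrap code matches the recorded baseline.'
} else {
    'Bootstrap code differs from the recorded baseline; verify against a hash taken with this same script on a known-clean system.'
}
```

Hashing only bytes 0 to 439 is what makes a baseline portable between machines: the disk signature at offset 440 and the partition entries are unique per disk, so a full-sector hash will never match a value recorded elsewhere even when the boot code is untouched.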

Alt 21.11.2010, 10:15   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

Alt 21.11.2010, 16:21   #13
Alp90

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/21/2010 at 04:59 PM

Application Version : 4.45.1000

Core Rules Database Version : 5894
Trace Rules Database Version: 3706

Scan type : Complete Scan
Total Scan Time : 01:39:50

Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 12207
Registry threats detected : 0
File items scanned : 112178
File threats detected : 2

Adware.Tracking Cookie
C:\Users\XY\AppData\Roaming\Microsoft\Windows\Cookies\XY@atdmt.combing[2].txt
C:\Users\XY\AppData\Roaming\Microsoft\Windows\Cookies\XY@atdmt[2].txt

Alt 21.11.2010, 17:31   #14
Alp90

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5138

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

21.11.2010 18:20:29
mbam-log-2010-11-21 (18-20-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 234026
Laufzeit: 58 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 21.11.2010, 17:53   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Datenbank Version: 5138
You were supposed to update MBAM beforehand.
