How to remove TR/Crypt.XPACK.GEN3

Solved
Tidus14 Posted messages 4 Status Member -  
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   -
Hello! For several weeks, my antivirus Avira Antivir has been detecting this malware. I feel my PC is getting slower by the day. While looking on the Internet, I saw that external help might be needed to remove it! Could someone help me remove this software? Thank you!

7 answers

Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Hi,

Give the Antivir scan report.

--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Tidus14 Posted messages 4 Status Member
 
Hey! Here's the report!

------------------------------------------------------------------------------------
Avira AntiVir Personal
Date of report file creation: Tuesday, May 28, 2013 21:40

The search covers 4,626,350 virus strains.

License holder: Avira Free Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows Vista
Windows version: (Service Pack 2) [6.0.6002]
Boot mode: Started normally
Identifier: SYSTEM
Computer name: PC-DE-REMY

Version information:
BUILD.DAT: 9.0.0.81 21698 Bytes 22/10/2010 12:02:00
AVSCAN.EXE: 9.0.3.10 466689 Bytes 21/11/2009 16:28:00
AVSCAN.DLL: 9.0.3.0 49409 Bytes 3/03/2009 09:21:02
LUKE.DLL: 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
LUKERES.DLL: 9.0.2.0 13569 Bytes 3/03/2009 09:21:31
VBASE000.VDF: 7.10.0.0 19875328 Bytes 6/11/2009 16:28:00
VBASE001.VDF: 7.11.0.0 13342208 Bytes 14/12/2010 17:44:44
VBASE002.VDF: 7.11.19.170 14374912 Bytes 20/12/2011 09:56:02
VBASE003.VDF: 7.11.21.238 4472832 Bytes 1/02/2012 18:46:30
VBASE004.VDF: 7.11.26.44 4329472 Bytes 28/03/2012 08:05:14
VBASE005.VDF: 7.11.34.116 4034048 Bytes 29/06/2012 18:43:09
VBASE006.VDF: 7.11.41.250 4902400 Bytes 6/09/2012 15:50:06
VBASE007.VDF: 7.11.50.230 3904512 Bytes 22/11/2012 16:53:26
VBASE008.VDF: 7.11.50.231 2048 Bytes 22/11/2012 16:53:26
VBASE009.VDF: 7.11.50.232 2048 Bytes 22/11/2012 16:53:26
VBASE010.VDF: 7.11.50.233 2048 Bytes 22/11/2012 16:53:26
VBASE011.VDF: 7.11.50.234 2048 Bytes 22/11/2012 16:53:27
VBASE012.VDF: 7.11.50.235 2048 Bytes 22/11/2012 16:53:27
VBASE013.VDF: 7.11.50.236 2048 Bytes 22/11/2012 16:53:27
VBASE014.VDF: 7.11.51.27 133632 Bytes 23/11/2012 17:51:37
VBASE015.VDF: 7.11.51.95 140288 Bytes 26/11/2012 17:55:51
VBASE016.VDF: 7.11.51.221 164352 Bytes 29/11/2012 07:15:37
VBASE017.VDF: 7.11.52.29 158208 Bytes 1/12/2012 08:49:27
VBASE018.VDF: 7.11.52.91 116736 Bytes 3/12/2012 09:09:18
VBASE019.VDF: 7.11.52.151 137728 Bytes 5/12/2012 09:18:48
VBASE020.VDF: 7.11.52.225 157696 Bytes 6/12/2012 21:14:12
VBASE021.VDF: 7.11.53.35 126976 Bytes 8/12/2012 21:14:13
VBASE022.VDF: 7.11.53.55 225792 Bytes 9/12/2012 21:14:16
VBASE023.VDF: 7.11.53.93 157184 Bytes 10/12/2012 23:07:13
VBASE024.VDF: 7.11.53.169 153088 Bytes 12/12/2012 17:30:52
VBASE025.VDF: 7.11.53.237 152064 Bytes 14/12/2012 17:30:43
VBASE026.VDF: 7.11.54.23 149504 Bytes 17/12/2012 19:00:46
VBASE027.VDF: 7.11.54.67 130048 Bytes 18/12/2012 19:00:43
VBASE028.VDF: 7.11.54.153 292352 Bytes 21/12/2012 21:51:56
VBASE029.VDF: 7.11.54.154 2048 Bytes 21/12/2012 21:51:56
VBASE030.VDF: 7.11.54.155 2048 Bytes 21/12/2012 21:51:56
VBASE031.VDF: 7.11.54.248 276480 Bytes 27/12/2012 20:45:16
Engine version: 8.2.10.224
AEBB.DLL: 8.1.2.10 102772 Bytes 10/07/2012 20:22:37
AESCRIPT.DLL: 8.1.4.78 467323 Bytes 20/12/2012 19:01:52
AESCN.DLL: 8.1.10.0 131445 Bytes 14/12/2012 17:31:05
AESBX.DLL: 8.2.5.12 606578 Bytes 18/06/2012 10:57:14
AERDL.DLL: 8.2.0.74 643445 Bytes 8/11/2012 16:48:12
AEPACK.DLL: 8.3.1.2 819574 Bytes 20/12/2012 19:01:48
AEOFFICE.DLL: 8.1.2.50 201084 Bytes 5/11/2012 23:06:05
AEHEUR.DLL: 8.1.4.168 5628280 Bytes 20/12/2012 19:01:37
AEHELP.DLL: 8.1.25.2 258423 Bytes 11/10/2012 15:33:35
AEGEN.DLL: 8.1.6.12 434549 Bytes 14/12/2012 17:31:00
AEEXP.DLL: 8.3.0.4 184692 Bytes 20/12/2012 19:01:53
AEEMU.DLL: 8.1.3.2 393587 Bytes 10/07/2012 20:22:33
AECORE.DLL: 8.1.30.0 201079 Bytes 14/12/2012 17:30:59
AEBB.DLL: 8.1.1.4 53619 Bytes 5/11/2012 23:06:02
AVWINLL.DLL: 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL: 9.0.3.0 44289 Bytes 4/10/2009 13:55:31
AVREP.DLL: 10.0.0.9 174120 Bytes 4/03/2011 19:20:07
AVREG.DLL: 9.0.0.0 36609 Bytes 7/11/2008 14:24:42
AVARKT.DLL: 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
AVEVTLOG.DLL: 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
SQLITE3.DLL: 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL: 9.2.0.25 28417 Bytes 2/02/2009 07:20:57
NETNT.DLL: 9.0.0.0 11521 Bytes 7/11/2008 14:40:59
RCIMAGE.DLL: 9.0.0.25 2438913 Bytes 17/06/2009 12:44:26
RCTEXT.DLL: 9.0.73.0 88321 Bytes 21/11/2009 16:27:59

Current scan configuration:
Task name: System Integrity Check
Configuration file: c:\program files\avira\antivir desktop\sysscan.avp
Documentation: low
Main action: interactive
Secondary action: ignore
Boot sectors master boot record scan: on
Boot sectors scan: on
Boot sectors: C:, D:,
Scan active processes: on
Scan on startup entry: on
Rootkit scan: on
System file integrity check: off
File search mode: All files
Archive scan: on
Recursion depth limit: 20
Archive Smart Extensions: on
Macrovirus heuristics: on
File heuristic: medium
Danger categories disagreeing: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start time: Tuesday, May 28, 2013 21:40

Hidden objects search begins.
'180957' objects checked, '0' hidden objects found.

Started search on running processes:
Search process 'avscan.exe' - '1' module(s) checked
Search process 'chrome.exe' - '1' module(s) checked
Search process 'chrome.exe' - '1' module(s) checked
Search process 'chrome.exe' - '1' module(s) checked
Search process 'chrome.exe' - '1' module(s) checked
Search process 'avcenter.exe' - '1' module(s) checked
Search process 'chrome.exe' - '1' module(s) checked
Search process 'wuauclt.exe' - '1' module(s) checked
Search process 'wmpnetwk.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'chrome.exe' - '1' module(s) checked
Search process 'chrome.exe' - '1' module(s) checked
Search process 'chrome.exe' - '1' module(s) checked
Search process 'installclick-connector.exe' - '1' module(s) checked
Search process 'NMIndexingService.exe' - '1' module(s) checked
Search process 'WmiPrvSE.exe' - '1' module(s) checked
Search process 'WisLMSvc.exe' - '1' module(s) checked
Search process 'taskeng.exe' - '1' module(s) checked
Search process 'ehmsas.exe' - '1' module(s) checked
Search process 'NMIndexStoreSvr.exe' - '1' module(s) checked
Search process 'ehtray.exe' - '1' module(s) checked
Search process 'msnmsgr.exe' - '1' module(s) checked
Search process 'sidebar.exe' - '1' module(s) checked
Search process 'jusched.exe' - '1' module(s) checked
Search process 'DivXUpdate.exe' - '1' module(s) checked
Search process 'avgnt.exe' - '1' module(s) checked
Search process 'TVEService.exe' - '1' module(s) checked
Search process 'WButton.exe' - '1' module(s) checked
Search process 'OSD.exe' - '1' module(s) checked
Search process 'HotkeyApp.exe' - '1' module(s) checked
Search process 'FspUip.exe' - '1' module(s) checked
Search process 'sttray.exe' - '1' module(s) checked
Search process 'taskeng.exe' - '1' module(s) checked
Search process 'tsnp2uvc.exe' - '1' module(s) checked
Search process 'IAAnotif.exe' - '1' module(s) checked
Search process 'MSASCui.exe' - '1' module(s) checked
Search process 'explorer.exe' - '1' module(s) checked
Search process 'dwm.exe' - '1' module(s) checked
Search process 'TVESched.exe' - '1' module(s) checked
Search process 'IAANTmon.exe' - '1' module(s) checked
Search process 'X10NETS.EXE' - '1' module(s) checked
Search process 'SearchIndexer.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'TVECapSvc.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'RichVideo.exe' - '1' module(s) checked
Search process 'Rezip.exe' - '1' module(s) checked
Search process 'PsiService_2.exe' - '1' module(s) checked
Search process 'PSIService.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'IoctlSvc.exe' - '1' module(s) checked
Search process 'NBService.exe' - '1' module(s) checked
Search process 'MDM.EXE' - '1' module(s) checked
Search process 'nvvsvc.exe' - '1' module(s) checked
Search process 'installclick.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'SeaPort.EXE' - '1' module(s) checked
Search process 'avguard.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'sched.exe' - '1' module(s) checked
Search process 'spoolsv.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'SLsvc.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'winlogon.exe' - '1' module(s) checked
Search process 'audiodg.exe' - '0' module(s) checked
Search process 'stacsv.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'nvvsvc.exe' - '1' module(s) checked
Search process 'svchost.exe' - '1' module(s) checked
Search process 'lsm.exe' - '1' module(s) checked
Search process 'lsass.exe' - '1' module(s) checked
Search process 'services.exe' - '1' module(s) checked
Search process 'csrss.exe' - '1' module(s) checked
Search process 'wininit.exe' - '1' module(s) checked
Search process 'csrss.exe' - '1' module(s) checked
Search process 'smss.exe' - '1' module(s) checked
'81' processes checked with '81' modules

Started scan on master boot record:
Master boot sector HD0
[INFO] No virus found!

Started scan on boot sectors:
Boot sector 'C:\'
[INFO] No virus found!
Boot sector 'D:\'
[INFO] No virus found!

Scan of references to executable files (registry) begins:
The registry has been scanned ( '43' files).

The search on selected files begins:

Starting search in 'C:\' <BOOT>
C:\hiberfil.sys
[WARNING] Unable to open the file!
[NOTE] This is a Windows system file.
[NOTE] It is correct that this file cannot be opened for the search.
C:\pagefile.sys
[WARNING] Unable to open the file!
[NOTE] This is a Windows system file.
[NOTE] It is correct that this file cannot be opened for the search.
C:\Windows\SoftwareDistribution\Download\0a6fb94e159dba680587dbfe244893eb59ed1bac
[0] Archive type: CAB SFX (self extracting)
--> MpMiniSigStub.exe
[RESULT] Contains the Trojan horse TR/Crypt.XPACK.Gen3
[WARNING] ''. The result very likely concerns an error message. Please resend this file immediately for a more detailed analysis.
C:\Windows\SoftwareDistribution\Download\14931edbc12d0e7dee47cff959d58c9252395a3d
[0] Archive type: CAB SFX (self extracting)
--> MpMiniSigStub.exe
[RESULT] Contains the Trojan horse TR/Crypt.XPACK.Gen3
[WARNING] ''. The result very likely concerns an error message. Please resend this file immediately for a more detailed analysis.
C:\Windows\SoftwareDistribution\Download\9575a4d9fec961af748017f007b9fc2373625432
[RESULT] Contains the Trojan horse TR/Crypt.XPACK.Gen3
[WARNING]
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Meh.
It smells like a false positive.

To see:

Run an OTL scan to diagnose the programs that are running and detect infections - the program will generate two reports OTL.txt and Extras.txt
Provide the two reports:

You can follow the instructions on this page to help yourself: https://www.malekal.com/tutorial-otl/

* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(On Vista/Win7, you must right-click OTL and choose Run as administrator)

In the case of Avast!, do not run the program in the Sandbox (see help link above).

* Launch OTL
* In the top right of Quick Analysis, check "all users"
* In OTL, under Personalization, copy-paste the script below:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs


* Click the Analyze button.

* When the scan is finished, use the site http://pjjoint.malekal.com/ to send the OTL.txt (and Extras.txt if present).
Give the pjjoint links pointing to these reports here in a new message.
I repeat: give the link to the pjjoint report here in a new message.

DO NOT COPY/PASTE THE REPORT HERE - GIVE THE PJJOINT LINK IN A NEW MESSAGE

--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
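The moderator's reading of the report above rests on two signals a defender can check mechanically: the vendor's own "very likely concerns an error message" warning printed right after the [RESULT] line, and the location of the flagged files under the Windows Update download cache (SoftwareDistribution\Download, where MpMiniSigStub.exe is a Defender signature-update component). The script below is an added example, not code from this thread or from Avira; it parses constructed sample lines shaped like the quoted report and separates detections that should be submitted to the vendor for verification from detections that warrant quarantine and investigation. The line-format assumptions (path line, "-->" archive member, [RESULT], [WARNING]) and the cache-path test are inferred from the quoted report, not taken from vendor documentation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, shaped like the Avira report quoted in the thread.
# The first entry mirrors the real report; the second is an invented
# detection with no vendor warning, outside the update cache, for contrast.
SAMPLE_REPORT = """\
C:\\Windows\\SoftwareDistribution\\Download\\0a6fb94e159dba680587dbfe244893eb59ed1bac
[0] Archive type: CAB SFX (self extracting)
--> MpMiniSigStub.exe
[RESULT] Contains the Trojan horse TR/Crypt.XPACK.Gen3
[WARNING] ''. The result very likely concerns an error message. Please resend this file immediately for a more detailed analysis.
C:\\Users\\Remy\\AppData\\Roaming\\sample_unknown.exe
[RESULT] Contains the Trojan horse TR/Crypt.XPACK.Gen3
C:\\pagefile.sys
[WARNING] Unable to open the file!
[NOTE] This is a Windows system file.
"""

# Assumed marker of the Windows Update download cache (case-insensitive match).
UPDATE_CACHE = "\\softwaredistribution\\download\\"
# Assumed wording of the vendor's "probably a false positive" warning.
DOUBT_RE = re.compile(r"error message", re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Detection:
    path: str                 # file the report was scanning
    member: Optional[str]     # inner file of an archive, from a '-->' line
    name: str                 # detection name, last token of the [RESULT] line
    vendor_doubt: bool        # vendor printed the "error message" warning
    in_update_cache: bool     # path lies under SoftwareDistribution\Download

    @property
    def verdict(self) -> str:
        # Either signal alone is enough to hold off on deletion and submit
        # the sample; neither signal means the hit is treated as real.
        if self.vendor_doubt or self.in_update_cache:
            return "probable false positive: submit sample to vendor before deleting"
        return "treat as real: quarantine and investigate"


def parse_report(text: str) -> List[Detection]:
    """Walk the report line by line, attaching [RESULT]/[WARNING] lines to
    the most recent path line (and '-->' archive member, if any)."""
    detections: List[Detection] = []
    path: Optional[str] = None
    member: Optional[str] = None
    pending: Optional[Detection] = None  # last detection awaiting a [WARNING]
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            # New scanned object: reset archive member and warning target.
            path, member, pending = line, None, None
        elif line.startswith("-->"):
            member = line[3:].strip()
        elif line.startswith("[RESULT]") and path is not None:
            pending = Detection(
                path=path,
                member=member,
                name=line.split()[-1],
                vendor_doubt=False,
                in_update_cache=UPDATE_CACHE in path.lower(),
            )
            detections.append(pending)
        elif line.startswith("[WARNING]") and pending is not None:
            if DOUBT_RE.search(line):
                pending.vendor_doubt = True
    return detections


def triage(text: str) -> List[str]:
    """One human-readable line per detection, with the verdict."""
    lines = []
    for d in parse_report(text):
        target = f"{d.path} -> {d.member}" if d.member else d.path
        lines.append(f"{d.name} | {target} | {d.verdict}")
    return lines


if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT):
        print(row)
```

The point of the second constructed entry is the contrast: the same detection name, without the vendor's doubt marker and outside the update cache, is not dismissed. Submitting the quarantined sample to the vendor, as the thread ends up doing, is what turns a "probable false positive" into a confirmed one.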
Tidus14 Posted messages 4 Status Member
 
Here is the link to the OTL scan (I only had one document)

https://pjjoint.malekal.com/files.php?id=20130529_d12e5e9v13m10
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Relaunch OTL.
* Under Custom Scan (Personalization), copy-paste the contents of the box below (be sure to include :OTL at the start).
* Click Fix (Correction); a report will appear; copy/paste its contents here:

:OTL
O2 - BHO: (Reg Error: Value error.) - {0EF1B4EE-06E7-407C-8DFB-A6CC0564B1Da} - C:\Windows\System32\DevicePairing32.dll File not found
O4 - HKU\S-1-5-21-4007713325-3891660512-1495792294-1000..\Run: [eType Setup403515.exe] C:\Users\Remy\AppData\Local\Temp\eType Setup403515.exe /XML=C:\Users\Remy\AppData\Local\Temp\3769.tmp /STP=0:1 File not found
[2010/01/19 18:36:08 | 000,001,372 | ---- | C] () -- C:\Users\Remy\AppData\Roaming\7waeWpe6CLflU.vbs
[2010/01/17 21:16:24 | 000,001,372 | ---- | C] () -- C:\Users\Remy\AppData\Roaming\Ob7nu.vbs
[2010/01/11 11:35:44 | 000,001,372 | ---- | C] () -- C:\Users\Remy\AppData\Roaming\ausc1Sa.vbs
[2013/05/29 00:54:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job


* Restart the PC into Windows and post the report here.

I think the Antivir detections are detection errors and that there is no malware in this file.

In addition:

[RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen3
[AVERTISSEMENT] 'Contient le cheval de Troie TR/Crypt.XPACK.Gen3'. Le résultat concerne très probablement un message d'erreur. Veuillez nous renvoyer immédiatement ce fichier pour une analyse plus détaillée.


If it is in quarantine, you can send it to them as explained on this page: https://forum.malekal.com/viewtopic.php?t=18237&start=

Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Tidus14 Posted messages 4 Status Member
 
Here is the fix report after restarting my PC. Okay, I will send them the link, but when Avira detects it, I always choose the delete option.

Thank you for your help!

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EF1B4EE-06E7-407C-8DFB-A6CC0564B1Da}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EF1B4EE-06E7-407C-8DFB-A6CC0564B1Da}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4007713325-3891660512-1495792294-1000\Software\Microsoft\Windows\CurrentVersion\Run\\eType Setup403515.exe deleted successfully.
C:\Users\Remy\AppData\Roaming\7waeWpe6CLflU.vbs moved successfully.
C:\Users\Remy\AppData\Roaming\Ob7nu.vbs moved successfully.
C:\Users\Remy\AppData\Roaming\ausc1Sa.vbs moved successfully.
C:\Windows\Tasks\PC Performer_UPDATES.job moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 05292013_104801
tidus14
 
I sent the report to Avira and, indeed, they confirmed that the files were not viruses.

Thank you for following up,

Kind regards,

Tidus
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
:)