Pests of all kinds and how to fight them: Trojan TR/Crypt.XPACK.Gen3 (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Trojan TR/Crypt.XPACK.Gen3

Good evening,

I have picked up the trojan TR/Crypt.XPACK.Gen3 and would be very grateful if someone could help me with it. I have already run OTL and got the following:

OTL.txt:

OTL logfile created on: 6/23/2011 8:19:46 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = D:\
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.93 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 61.83% Memory free
5.86 Gb Paging File | 4.54 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 13.68 Gb Free Space | 9.67% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 33.35 Gb Free Space | 23.57% Space Free | Partition Type: NTFS
Drive F: | 273.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 558.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 699.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 1.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
PRC - C:\Windows\System32\NlsSrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

========== Modules (SafeList) ==========

MOD - D:\OTL.exe (OldTimer Tools)
MOD - c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (oregeo) -- C:\Windows\System32\oregeo.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\System32\NlsSrv32.exe (Nalpeiron Ltd.)

========== Driver Services (SafeList) ==========

DRV - (Micorsoft Windows Service) -- File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (mfehidk) -- C:\windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (rtport) -- C:\Windows\System32\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CryptOSD) -- C:\Windows\System32\drivers\CryptOSD.sys (Phoenix Technologies Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.15 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/30 16:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/28 13:23:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/28 13:23:34 | 000,000,000 | ---D | M]

[2010/08/24 19:18:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010/08/24 19:18:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/06/22 22:13:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tknio9bu.default\extensions
[2011/02/11 01:50:34 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tknio9bu.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/02/11 01:32:51 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tknio9bu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/27 11:39:44 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tknio9bu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/30 18:16:58 | 000,000,919 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tknio9bu.default\searchplugins\conduit.xml
[2010/08/24 19:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/05/30 16:53:18 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/05/31 19:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/05/28 13:23:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/28 13:23:28 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/28 13:23:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/01/02 11:45:02 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/05/28 13:23:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/28 13:23:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100824181244.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [{AA4116CA-3EA5-D8BF-FC6B-9C490CFEB0B0}] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] File not found
O4 - HKCU..\Run: [Lfujikomejesu] C:\Users\***\AppData\Local\capeds.dll (ArcSoft Inc.)
O4 - HKCU..\Run: [newsecureapp70700.exe] File not found
O4 - HKCU..\Run: [wXOeAwgLTnnf] C:\ProgramData\wXOeAwgLTnnf.exe (AnkhSVN)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk = File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bbepbpds.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/01/14 18:40:03 | 000,053,248 | RH-- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/01/14 18:55:02 | 000,000,050 | RH-- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/01/14 17:48:09 | 000,000,033 | RH-- | M] () - G:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/01/14 17:47:41 | 000,000,033 | RH-- | M] () - H:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{be61a8a6-bc1e-11df-8114-002454a02bea}\Shell - "" = AutoRun
O33 - MountPoints2\{be61a8a6-bc1e-11df-8114-002454a02bea}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2005/01/14 18:40:03 | 000,053,248 | RH-- | M] ()
O33 - MountPoints2\{c2008cd2-66c3-11df-a6f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c2008cd2-66c3-11df-a6f1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOPLAY.EXE id=10000020000015000011 ver=1.0.0.0
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 20:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/22 22:21:23 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{7E516ADC-0021-4E82-A8A0-E228D603ED1E}
[2011/06/22 22:12:30 | 000,450,560 | -H-- | C] (AnkhSVN) -- C:\ProgramData\wXOeAwgLTnnf.exe
[2011/06/22 22:10:41 | 000,000,000 | -H-D | C] -- C:\Users\Kilian\sumdqmxn
[2011/06/21 20:42:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/06/21 20:38:53 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/06/21 20:38:52 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/06/21 20:38:52 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/06/21 20:38:52 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/06/21 20:38:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/06/21 20:38:52 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/06/21 20:38:51 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/06/21 20:38:51 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/06/21 20:38:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/06/21 20:38:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/06/21 20:38:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/06/10 22:38:40 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\et
[2011/05/25 07:04:31 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2010/09/11 14:19:34 | 000,233,472 | -H-- | C] (Propellerhead Software AB) -- C:\Users\***\AppData\Roaming\REX Shared Library.dll
[2010/09/11 14:19:34 | 000,225,280 | -H-- | C] (Propellerhead Software AB) -- C:\Users\***\AppData\Roaming\Rewire.dll
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2009/07/14 00:24:44 | 000,274,432 | -H-- | C] (Intel Corporation) -- C:\Users\***\AppData\Local\ekawovoxadosexas.dll
[2009/07/14 00:24:44 | 000,114,688 | -H-- | C] (ArcSoft Inc.) -- C:\Users\***\AppData\Local\capeds.dll

========== Files - Modified Within 30 Days ==========

[2011/06/23 20:21:11 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/23 20:21:11 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/23 20:12:49 | 000,000,290 | -H-- | M] () -- C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/23 20:12:47 | 000,000,290 | -H-- | M] () -- C:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011/06/23 20:09:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/22 23:32:21 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 23:20:11 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/06/22 23:20:11 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/22 23:20:11 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/06/22 23:20:11 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/22 22:21:32 | 000,000,000 | -H-- | M] () -- C:\Users\***\AppData\Local\Jyiqobituyi.dat
[2011/06/22 22:12:27 | 000,450,560 | -H-- | M] (AnkhSVN) -- C:\ProgramData\wXOeAwgLTnnf.exe
[2011/06/22 22:07:56 | 000,168,826 | --S- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bbepbpds.exe
[2011/06/22 09:59:50 | 000,002,854 | -H-- | M] () -- C:\Users\***\Desktop\Start.lnk
[2011/06/21 17:09:18 | 000,000,476 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for ***.job
[2011/06/07 21:28:16 | 000,728,549 | -H-- | M] () -- C:\Users\***\Desktop\informationen-zur-onlinebewerbung.pdf
[2011/05/28 04:00:02 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2011/06/22 22:21:32 | 000,000,000 | -H-- | C] () -- C:\Users\***\AppData\Local\Jyiqobituyi.dat
[2011/06/22 22:09:55 | 000,168,826 | --S- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bbepbpds.exe
[2011/06/22 09:59:50 | 000,002,854 | -H-- | C] () -- C:\Users\***\Desktop\Start.lnk
[2011/06/07 21:28:16 | 000,728,549 | -H-- | C] () -- C:\Users\***\Desktop\informationen-zur-onlinebewerbung.pdf
[2011/03/26 22:49:10 | 000,053,248 | ---- | C] () -- C:\windows\System32\mgxasio2.dll
[2011/03/26 22:44:58 | 000,006,768 | ---- | C] () -- C:\windows\mgxoschk.ini
[2011/03/26 21:39:00 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2011/03/21 23:45:47 | 000,018,944 | ---- | C] () -- C:\windows\System32\oregeo.exe
[2010/10/24 17:03:29 | 000,000,441 | ---- | C] () -- C:\windows\pagebreeze.ini
[2010/10/24 17:03:29 | 000,000,044 | ---- | C] () -- C:\windows\formbreeze.ini
[2010/10/18 15:49:27 | 000,005,120 | -H-- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/12 00:38:34 | 000,009,728 | ---- | C] () -- C:\windows\System32\netset.exe
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/08/24 01:31:23 | 000,000,812 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2010/08/24 01:31:23 | 000,000,541 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2010/08/24 01:31:23 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2010/08/24 01:31:23 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2010/08/23 15:02:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/21 19:35:28 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/21 19:20:52 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/05 21:22:03 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/12/05 21:22:03 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/12/05 21:22:03 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/12/05 21:22:03 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/12/05 21:01:49 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll
[2009/12/05 21:01:47 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/12/05 04:17:31 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/11/28 22:49:01 | 000,095,245 | ---- | C] () -- C:\windows\System32\dtnet.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,456,384 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:09 | 001,332,736 | ---- | C] () -- C:\windows\System32\hpotiop1.dll
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/05/01 15:24:14 | 000,000,184 | ---- | C] () -- C:\windows\System32\drivers\osdauth.dat
[2009/05/01 14:41:06 | 000,000,020 | ---- | C] () -- C:\windows\System32\drivers\OSDSig.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 68 bytes -> C:\Users\***\Desktop\04 Honeysuckle Rose.mp3:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Users\***\Desktop\01 Bugle Call Rag.mp3:KAVICHS
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 100 bytes -> C:\Users\***\Desktop\19 Let's Do It (Let's Fall in Love).mp3:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Users\***\Desktop\17 Trav'lin' All Alone.mp3:KAVICHS

< End of report >
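A helper reading a log like the one above first scans the autostart entries (SRV, DRV, O4) and the policy lines (O6) for a handful of well-known warning signs. The Python script below, added here as an illustration and not part of the original post or of the OTL tool, applies those same first-pass heuristics to sample lines copied from this log: a target whose version info carries no publisher (an empty `()`), a binary under a user-writable path (AppData, ProgramData, the Startup folder), an orphaned entry whose target is "File not found", a Run key that points at a DLL rather than an executable, and UAC policy values that fall below the Windows 7 defaults. The function names, the random-name thresholds and the policy table are my own choices; the output is a list of candidates for a helper to look at, not a malware verdict.

```python
"""Heuristic first-pass triage of OTL (OldTimer) log lines.

Added example, not part of the original forum post. The sample lines are
copied from the log above; the heuristics are the usual first-pass checks
and only flag candidates for manual review.
"""
import re
from dataclasses import dataclass, field

# Sample lines copied from the posted OTL log (user name anonymised as in the post).
SAMPLE_LOG = r"""
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (oregeo) -- C:\Windows\System32\oregeo.exe ()
DRV - (Micorsoft Windows Service) -- File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [Lfujikomejesu] C:\Users\***\AppData\Local\capeds.dll (ArcSoft Inc.)
O4 - HKCU..\Run: [newsecureapp70700.exe] File not found
O4 - HKCU..\Run: [wXOeAwgLTnnf] C:\ProgramData\wXOeAwgLTnnf.exe (AnkhSVN)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bbepbpds.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
"""

# Autostart lines: the target follows "--" (SRV/DRV), "]" (Run keys) or "Startup:".
AUTOSTART = re.compile(r"^(?P<kind>SRV|DRV|O4)\b.*?(?:--|\]|Startup:)\s*(?P<rest>.*\S)\s*$")
# Target: "<path> (<company>)"; OTL prints an empty "()" when version info has no publisher.
TARGET = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")
POLICY = re.compile(r"^O6\b.*?:\s*(?P<name>\w+)\s*=\s*(?P<value>\S+)$")
USER_WRITABLE = re.compile(r"\\(appdata|programdata|users|temp)\\", re.I)

# UAC policy values that weaken the Windows 7 defaults (assumed table, my choice).
WEAK_POLICY = {
    "EnableLUA": "0",                   # UAC disabled entirely
    "ConsentPromptBehaviorAdmin": "0",  # elevate without any prompt
    "PromptOnSecureDesktop": "0",       # prompt drawn on the normal desktop, spoofable
}


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Crude generated-name check: very few vowels or a long consonant run."""
    letters = "".join(c for c in stem if c.isalpha()).lower()
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    longest_run = max(len(chunk) for chunk in re.split(r"[aeiouy]", letters))
    return vowels / len(letters) < 0.2 or longest_run >= 5


def triage_line(line: str) -> list:
    """Return the heuristic reasons one OTL line deserves a closer look (empty if none)."""
    reasons = []
    m = POLICY.match(line)
    if m:
        if WEAK_POLICY.get(m["name"]) == m["value"]:
            reasons.append(f"weakened UAC policy {m['name']}={m['value']}")
        return reasons
    m = AUTOSTART.match(line)
    if not m:
        return reasons
    rest = m["rest"]
    if rest == "File not found":
        return ["orphaned autostart entry (target missing)"]
    t = TARGET.match(rest)
    if not t:
        return reasons
    path, company = t["path"], t["company"].strip()
    if not company:
        reasons.append("no publisher in version info")
    if USER_WRITABLE.search(path):
        reasons.append("binary in user-writable location")
    if m["kind"] == "O4" and path.lower().endswith(".dll"):
        reasons.append("Run key points at a DLL, not an executable")
    # The name check only adds weight to an entry already flagged; CamelCase
    # vendor names would otherwise produce too many false positives.
    if reasons:
        stem = re.sub(r"\.[^.\\]+$", "", path.rsplit("\\", 1)[-1])
        if looks_random(stem):
            reasons.append("random-looking file name")
    return reasons


def triage(log_text: str) -> list:
    """Run the heuristics over a whole OTL report and keep only flagged lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Run against the eleven sample lines, the script leaves the Avira and McAfee entries and the default `ConsentPromptBehaviorAdmin = 5` alone and reports the other seven. The name heuristic is deliberately conservative: abbreviations such as the Samsung helper executables in the same log would trip it, so it only adds a note to an entry that a stronger signal (no publisher, user-writable path) has already flagged.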