Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 06.08.2011, 21:39   #16
Bettina
 
TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen - Standard

TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen



Hallo Arne,

hier mal der Log von Gmer:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-06 22:33:54
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: 7zv4zip8.exe; Driver: C:\Users\***\AppData\Local\Temp\pgtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT            8C6F775E                                                                                                                             ZwCreateSection
SSDT            8C6F7763                                                                                                                             ZwSetContextThread
SSDT            8C6F76FF                                                                                                                             ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                                        820B4998 4 Bytes  [5E, 77, 6F, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                                        820B4CF0 4 Bytes  [63, 77, 6F, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                                        820B4DA4 4 Bytes  [FF, 76, 6F, 8C]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[612] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                           [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[612] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                               [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[612] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                         [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[612] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                           [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Skype\Phone\Skype.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                           [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Skype\Phone\Skype.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]               [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Skype\Phone\Skype.exe[3216] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!GetProcAddress]                         [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Program Files\Skype\Phone\Skype.exe[3216] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryA]                           [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\program files\avira\antivir desktop\avcenter.exe[4144] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]              [053E2300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\program files\avira\antivir desktop\avcenter.exe[4144] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]  [053E1B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\program files\avira\antivir desktop\avcenter.exe[4144] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]            [053E2690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\program files\avira\antivir desktop\avcenter.exe[4144] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]              [053E1290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

_____________________________

der Rest folgt....

Alt 06.08.2011, 22:00   #17
Bettina
 
TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen - Standard

TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen



Hallo Arne,

leider hab ich ein kleines Problem. Ich hab 7zip bei Chip runtergeladen - hatte kein Programm auf dem Rechner. Der Virenscanner war aus und ich hab OSAM entpackt. Allerdings kommt immer die Fehlermeldung: osam_gui.dll kann nicht gefunden werden. Ich aber in dem Zip enthalten ?!?.

Hast du eine Idee?

Danke dir,
Betti
__________________


Alt 08.08.2011, 09:31   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen - Standard

TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen



Du hast OSAM vorher vollständig entpackt? Du darfst das nicht aus RAR-Archiv heraus starten!
__________________
__________________

Alt 08.08.2011, 11:49   #19
Bettina
 
TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen - Standard

TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen



Hi Arne,

hupps, sorry. Jetzt das es geklappt. Hier die Infos:

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:45:16 on 08.08.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AWISp60 NDIS Protocol Driver" (AWISp60) - ? - C:\Windows\System32\Drivers\AWISp60.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{D4027C7F-154A-4066-A1AD-4243D8127440}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"eDataSecurity Loader" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SearchSettings" - ? - "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"  (File not found)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

____________________________________

So jetzt starte ich noch die letzte Abfrage..

Alt 08.08.2011, 12:01   #20
Bettina
 
TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen - Standard

TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen



Hi Arne,

hier die letzte Abfrage:

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-08 12:50:53
-----------------------------
12:50:53.175 OS Version: Windows 6.0.6002 Service Pack 2
12:50:53.175 Number of processors: 2 586 0x6802
12:50:53.176 ComputerName: SFC99 UserName:
12:51:13.825 Initialize success
12:52:21.512 AVAST engine defs: 11080701
12:52:46.214 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:52:46.221 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
12:52:48.245 Disk 0 MBR read successfully
12:52:48.253 Disk 0 MBR scan
12:52:48.305 Disk 0 unknown MBR code
12:52:48.317 Disk 0 scanning sectors +488394752
12:52:48.417 Disk 0 scanning C:\Windows\system32\drivers
12:53:04.779 Service scanning
12:53:06.552 Modules scanning
12:53:17.703 Disk 0 trace - called modules:
12:53:17.720 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:53:17.725 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857e2030]
12:53:17.730 3 CLASSPNP.SYS[82da08b3] -> nt!IofCallDriver -> [0x857e2918]
12:53:17.736 5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857c3b98]
12:53:18.497 AVAST engine scan C:\Windows
12:53:29.350 AVAST engine scan C:\Windows\system32
12:56:36.898 AVAST engine scan C:\Windows\system32\drivers
12:56:50.512 AVAST engine scan C:\Users\***
12:58:16.640 AVAST engine scan C:\ProgramData
12:59:15.762 Scan finished successfully
12:59:30.735 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
12:59:30.746 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"


___________________________

Und was sagst du?

Vielen, vielen Dank auf jeden Fall schon mal!
Betti


Alt 08.08.2011, 12:14   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen - Standard

TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen



Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten.

Hast Du noch andere Betriebssysteme außer Vista installiert?
Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten)

Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.
__________________
--> TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen

Alt 08.08.2011, 12:30   #22
Bettina
 
TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen - Standard

TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen



Hallo Arne,

oh je, das nimmt ja kein Ende. Was liest du denn aus den Logs raus? Ich versteh das alles ja gar nicht.

Was bedeutet das denn jetzt? Wenn ich Glück hab ist der Trojaner nachdem ich den Computer platt gemacht habe vielleicht weg?

Grüße
Betti

Alt 08.08.2011, 13:03   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen - Standard

TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen



Wir sind fast durch. Fix bitte den MBR.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.08.2011, 20:55   #24
Bettina
 
TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen - Standard

TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen



Hallo Arnd,

ich trau mich grad nicht das fertig zu machen, weil ich für ne Hochzeit eine Einlage als Video erstellt hab und falls die Daten weg sind ... das ist mir zu kritisch. Ich warte bis nach der Hochzeit und mach dann den letzten Durchlauf fertig!! Hoffe das ist ok.

Grüße
Betti

Alt 23.08.2011, 21:18   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen - Standard

TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen



Deswegen schrieb ich ja vorher alle Daten sichern!!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen
adware/navipromo.2.93, antivir, avg, avira, cambofix, canon, defender, desktop, entfernen, firefox, format, helper, home, internet, internet explorer, launch, malware, mozilla, popup, preferences, problem, scan, server, software, start menu, svchost, system, tr/crypt.zpack.gen, trojanisches pferd, updates, windows




Ähnliche Themen: TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen


  1. TR/Crypt.ZPACK.*, TR.Crypt.XPACK.*, nicht gefundene AdWare
    Log-Analyse und Auswertung - 12.11.2015 (10)
  2. Troj.TR/Crypt.Zpack.151493+Troj.TR/Crypt.Xpack.138980 entfernen+daten entschlüsseln
    Log-Analyse und Auswertung - 27.08.2015 (27)
  3. Windows 8.1 - TR/Crypt.ZPACK.105800 - Über AVIRA nicht zu entfernen !
    Log-Analyse und Auswertung - 01.08.2015 (11)
  4. Virenfund durch Virenscanner (Adware + TR/CRYPT.ZPACK+PUA/Multiplug)
    Log-Analyse und Auswertung - 21.05.2015 (12)
  5. TR/Crypt.ZPACK.Gen2 - Wie kann ich die Malware erfolgreich entfernen?
    Log-Analyse und Auswertung - 17.09.2014 (5)
  6. TR/Crypt.Zpack.96184 und TR/Crypt.Zpack.96450 entgültig entfernt?
    Plagegeister aller Art und deren Bekämpfung - 14.09.2014 (13)
  7. Vermute TR/Crypt.ZPACK.47328 und TR/Crypt.ZPACK.56424 auf dem Rechner
    Log-Analyse und Auswertung - 12.05.2014 (10)
  8. avira findet : tr/crypt.zpack.36522 ,tr/crypt.xpack.gen ,adware/installcore.gen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (4)
  9. TR/Crypt.ZPACK.Gen2, Adware/InstallCore.Gen, TR/black.Gen2: Wie kann ich diese Trojaner entfernen?
    Log-Analyse und Auswertung - 12.07.2013 (3)
  10. TR/Crypt.ZPACK.Gen8 und zweimal Adware
    Plagegeister aller Art und deren Bekämpfung - 01.01.2013 (16)
  11. TR/Crypt.ZPACK.Gen lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 10.04.2012 (8)
  12. TR/Crypt.ZPack.Gen8 Advira fehler- wie entfernen?!
    Plagegeister aller Art und deren Bekämpfung - 06.04.2012 (3)
  13. TR/Dldr.Wintrim.BX.52, TR/Crypt.ZPACK.Gen, TR/Crypt.PEPM.Gen, ADWARE/Adware.Gen - ich brauche Hilfe.
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (8)
  14. W32/Induc.A, TR/Dropper.Gen, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen3 gefunden - wie entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  15. TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.08.2010 (25)
  16. Computer infiziert: Crypt.ZPACK.Gen, Vundo.Gen (3mal), Crypt.ZPACK.Gen, Alureon.CZ
    Log-Analyse und Auswertung - 25.12.2009 (11)
  17. NaviPromo.AA und NaviPromo.AF lassen sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.07.2009 (0)

Zum Thema TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen - Hallo Arne, hier mal der Log von Gmer: GMER Logfile: Code: Alles auswählen Aufklappen ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-08-06 22:33:54 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> - TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen...
Archiv
Du betrachtest: TR/Crypt.ZPACK.Gen und ADWARE/NaviPromo.2.93 entfernen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.