wie werde ich TR/Crypt.XPACK.Gen wieder los?

Isbjörn1985 · 26.10.2011, 09:29

Hallo,

ich bin neu hier und mein Avira sagt beim Suchlauf, dass er oben genannten Trojaner gefunden hat! meine Frage ist jetzt: Wie werde ich diesen wieder los?

Danke schonmal!

Isbjörn

cosinus · 26.10.2011, 13:15

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

Isbjörn1985 · 26.10.2011, 17:19

Also das hier hat mir Avira gesagt!

[IMG]C:\Users\Isabel Peters\Documents\Desktop\unbenannt.jpg[/IMG]

Isbjörn1985 · 26.10.2011, 17:20

sorry, das war falsch!

Isbjörn1985 · 26.10.2011, 17:21

Also hier nochmal!

Avira AntiVir Personal
Report file date: Mittwoch, 26. Oktober 2011 15:28

Scanning for 3436397 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ISABELPETERS-PC

Version information:
BUILD.DAT : 10.2.0.704 35934 Bytes 28.09.2011 13:34:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 12.08.2011 06:53:46
AVSCAN.DLL : 10.0.5.0 47464 Bytes 12.08.2011 06:53:46
LUKE.DLL : 10.3.0.5 45416 Bytes 12.08.2011 06:53:48
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.02.2010 22:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 12.08.2011 06:53:49
AVREG.DLL : 10.3.0.9 88833 Bytes 12.08.2011 06:53:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 05:53:55
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 05:53:56
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 09:30:38
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 09:30:40
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 09:30:41
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 16:51:56
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 06:35:48
VBASE008.VDF : 7.11.15.107 2048 Bytes 05.10.2011 06:35:58
VBASE009.VDF : 7.11.15.108 2048 Bytes 05.10.2011 06:35:58
VBASE010.VDF : 7.11.15.109 2048 Bytes 05.10.2011 06:35:58
VBASE011.VDF : 7.11.15.110 2048 Bytes 05.10.2011 06:35:59
VBASE012.VDF : 7.11.15.111 2048 Bytes 05.10.2011 06:35:59
VBASE013.VDF : 7.11.15.144 161792 Bytes 07.10.2011 12:19:10
VBASE014.VDF : 7.11.15.177 130048 Bytes 10.10.2011 10:19:45
VBASE015.VDF : 7.11.15.213 113664 Bytes 11.10.2011 10:19:45
VBASE016.VDF : 7.11.16.1 163328 Bytes 14.10.2011 10:19:46
VBASE017.VDF : 7.11.16.34 187904 Bytes 18.10.2011 07:43:17
VBASE018.VDF : 7.11.16.77 139264 Bytes 20.10.2011 21:27:09
VBASE019.VDF : 7.11.16.112 162816 Bytes 24.10.2011 21:27:10
VBASE020.VDF : 7.11.16.113 2048 Bytes 24.10.2011 21:27:10
VBASE021.VDF : 7.11.16.114 2048 Bytes 24.10.2011 21:27:10
VBASE022.VDF : 7.11.16.115 2048 Bytes 24.10.2011 21:27:10
VBASE023.VDF : 7.11.16.116 2048 Bytes 24.10.2011 21:27:10
VBASE024.VDF : 7.11.16.117 2048 Bytes 24.10.2011 21:27:10
VBASE025.VDF : 7.11.16.118 2048 Bytes 24.10.2011 21:27:10
VBASE026.VDF : 7.11.16.119 2048 Bytes 24.10.2011 21:27:10
VBASE027.VDF : 7.11.16.120 2048 Bytes 24.10.2011 21:27:10
VBASE028.VDF : 7.11.16.121 2048 Bytes 24.10.2011 21:27:10
VBASE029.VDF : 7.11.16.122 2048 Bytes 24.10.2011 21:27:10
VBASE030.VDF : 7.11.16.123 2048 Bytes 24.10.2011 21:27:10
VBASE031.VDF : 7.11.16.143 134144 Bytes 25.10.2011 21:27:10
Engineversion : 8.2.6.96
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 21:27:15
AESCRIPT.DLL : 8.1.3.82 463227 Bytes 25.10.2011 21:27:15
AESCN.DLL : 8.1.7.2 127349 Bytes 21.04.2011 05:53:27
AESBX.DLL : 8.2.1.34 323957 Bytes 20.07.2011 09:29:54
AERDL.DLL : 8.1.9.15 639348 Bytes 11.09.2011 10:31:56
AEPACK.DLL : 8.2.13.3 684407 Bytes 25.10.2011 21:27:15
AEOFFICE.DLL : 8.1.2.18 201084 Bytes 25.10.2011 21:27:14
AEHEUR.DLL : 8.1.2.184 3780984 Bytes 25.10.2011 21:27:14
AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 21:27:11
AEGEN.DLL : 8.1.5.11 401781 Bytes 25.10.2011 21:27:11
AEEMU.DLL : 8.1.3.0 393589 Bytes 21.04.2011 05:53:14
AECORE.DLL : 8.1.24.0 196983 Bytes 25.10.2011 21:27:11
AEBB.DLL : 8.1.1.0 53618 Bytes 21.04.2011 05:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 05:53:36
AVPREF.DLL : 10.0.3.2 44904 Bytes 12.08.2011 06:53:46
AVREP.DLL : 10.0.0.10 174120 Bytes 12.08.2011 06:53:49
AVARKT.DLL : 10.0.26.1 255336 Bytes 12.08.2011 06:53:46
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 12.08.2011 06:53:46
SQLITE3.DLL : 3.6.19.0 355688 Bytes 20.07.2011 14:40:24
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.04.2011 05:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 21.04.2011 05:53:46
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 12.08.2011 06:53:45
RCTEXT.DLL : 10.0.64.0 97640 Bytes 12.08.2011 06:53:45

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, J:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: Mittwoch, 26. Oktober 2011 15:28

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\cd042efbbd7f7af1647644e76e06692b
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\bca643cdc5c2726b20d2ecedcc62c59b
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\2c81e34222e8052573023a60d06dd016
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\2582ae41fb52324423be06337561aa48
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\caaeda5fd7a9ed7697d9686d4b818472
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\a4a1bcf2cc2b8bc3716b74b2b4522f5d
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\4d370831d2c43cd13623e232fed27b7b
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\1d68fe701cdea33e477eb204b76f993d
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\1fac81b91d8e3c5aa4b0a51804d844a3
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\f5f62a6129303efb32fbe080bb27835b
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\fd4e2e1a3940b94dceb5a6a021f2e3c6
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\8a8aec57dd6508a385616fbc86791ec2
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '80' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'avcenter.exe' - '92' Module(s) have been scanned
Scan process 'brpjp04a.exe' - '40' Module(s) have been scanned
Scan process 'brstswnd.exe' - '42' Module(s) have been scanned
Scan process 'plugin-container.exe' - '121' Module(s) have been scanned
Scan process 'plugin-container.exe' - '83' Module(s) have been scanned
Scan process 'firefox.exe' - '145' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '16' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '7' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '42' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '20' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'EvtEng.exe' - '84' Module(s) have been scanned
Scan process 'ehmsas.exe' - '42' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '48' Module(s) have been scanned
Scan process 'igfxext.exe' - '42' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '29' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '81' Module(s) have been scanned
Scan process 'ehtray.exe' - '45' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'LxUpdateManager.exe' - '64' Module(s) have been scanned
Scan process 'Monitor.exe' - '39' Module(s) have been scanned
Scan process 'LManager.exe' - '70' Module(s) have been scanned
Scan process 'eDSMSNfix.exe' - '18' Module(s) have been scanned
Scan process 'eDSloader.exe' - '49' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '43' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '63' Module(s) have been scanned
Scan process 'MSASCui.exe' - '54' Module(s) have been scanned
Scan process 'Explorer.EXE' - '180' Module(s) have been scanned
Scan process 'taskeng.exe' - '96' Module(s) have been scanned
Scan process 'Dwm.exe' - '53' Module(s) have been scanned
Scan process 'avshadow.exe' - '36' Module(s) have been scanned
Scan process 'eDSService.exe' - '31' Module(s) have been scanned
Scan process 'ALUSchedulerSvc.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '64' Module(s) have been scanned
Scan process 'WLANExt.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '101' Module(s) have been scanned
Scan process 'vpnagent.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '86' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '153' Module(s) have been scanned
Scan process 'svchost.exe' - '115' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1477' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\Windows\Temp\_avast_\unp258666037.tmp
[DETECTION] Is the TR/Unpacked.Gen Trojan
C:\Windows\Temp\_avast_\unp78781972.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Begin scan in 'D:\' <DATA>
Begin scan in 'J:\' <ISA'S>

Beginning disinfection:
C:\Windows\Temp\_avast_\unp78781972.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
C:\Windows\Temp\_avast_\unp258666037.tmp
[DETECTION] Is the TR/Unpacked.Gen Trojan
[WARNING] The file was ignored!

End of the scan: Mittwoch, 26. Oktober 2011 18:20
Used time: 2:18:06 Hour(s)

The scan has been done completely.

34366 Scanned directories
738772 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
738770 Files not concerned
7637 Archives were scanned
2 Warnings
13 Notes
933588 Objects were scanned with rootkit scan
24 Hidden objects were found

cosinus · 26.10.2011, 19:41

Zitat:

C:\Windows\Temp\_avast_\unp78781972.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

Wer hat dich angewiesen was von Avast zu installieren?
Wenn man zwei Virenscanner oder das Spezialtool von Avast verwendet ist das doch kein Wunder dass der eine Virenscanner angebliche Schädlinge in Bestandteilen des anderen sieht!

Isbjörn1985 · 27.10.2011, 09:35

Ich habe versucht avast zu deinstallieren! Aber bekomme das nicht hin! Wie werde ich das wieder los?

Isbjörn1985 · 27.10.2011, 09:37

Habe versucht es zu deinstallieren, bekomme das aber nicht hin! kann mir jemand sagen, wie ich das wieder los werde?

cosinus · 27.10.2011, 11:34

Eine Google-Suche nach "avast deinstallieren" ist zuviel verlangt?

avast! Uninstall Utility-aswClear-avast Antivirus Software

Isbjörn1985 · 27.10.2011, 15:41

Ich habe versucht es damit zu deinstallieren, aber es funktioniert nicht! Er sagt mir immer, dass es nicht entfernt werden konnte!

cosinus · 27.10.2011, 18:41

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

26.10.2011, 13:15	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	wie werde ich TR/Crypt.XPACK.Gen wieder los? Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner. __________________ __________________

27.10.2011, 11:34	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	wie werde ich TR/Crypt.XPACK.Gen wieder los? Eine Google-Suche nach "avast deinstallieren" ist zuviel verlangt? avast! Uninstall Utility-aswClear-avast Antivirus Software __________________ Logfiles bitte immer in CODE-Tags posten

wie werde ich TR/Crypt.XPACK.Gen wieder los?

Log-Analyse und Auswertung: wie werde ich TR/Crypt.XPACK.Gen wieder los?