Log analysis and evaluation: TR/Crypt.ZPACK.Gen2 in TR/Crypt.ZPACK.Gen2 (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: see "First steps to getting help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
TR/Crypt.ZPACK.Gen2 in TR/Crypt.ZPACK.Gen2

Hi there, I got two (identical) alerts from Avira today. For the path and the name, see the title. I clicked "delete" both times, but of course I'm not sure whether I'm really rid of the plague. Avira says there are no more detections. The log files are also ready: first the DDS.txt.
Thanks in advance