| |
| |||||||
Log-Analyse und Auswertung: TR/Crypt.ZPACK.Gen2 in TR/Crypt.ZPACK.Gen2Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
27.02.2012, 19:11
| #1 |
 |  TR/Crypt.ZPACK.Gen2 in TR/Crypt.ZPACK.Gen2 Hallöchen, ich habe heute 2 meldungen (identisch) von avira bekommen. Pfad und Bezeichnung siehe Titel. ich habe beide male auf löschen geklickt, bin mir aber natürlich nicht sicher, ob ich die seuche wirklich los bin. Avira sagt, dass keine Funde mehr da sind. Logfiles sind auch fertig: zuerst die DDS.txt Code:
ATTFilter .
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by FeelDaPain at 21:51:58 on 2012-02-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1795 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Windows\System32\svchost.exe -k Update-Service
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
D:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Razer\Naga Epic\NagaEpicSysTray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\FeelDaPain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FeelDaPain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
uInternet Settings,ProxyServer = 192.168.10.15:8080
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Alexa: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\alexa toolbar\AlxTB2.9.39.dll
TB: Gutscheinmieze: {dfefcdee-cf1a-4fc8-88ad-48514e463b27} - c:\users\feeldapain\appdata\roaming\gutscheinmieze\toolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\users\feeldapain\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "d:\programme\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Razer Naga Driver] c:\program files\razer\naga epic\NagaEpicSysTray.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An vorhandene PDF-Datei anfügen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
IE: {1009C944-97D5-44A9-9E32-DFF54F498968} - {1009C944-97D5-44A9-9E32-DFF54F498968} - c:\program files\asus security center\asus security protect manager\bin\ASWallet.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{92E553DB-5726-4C4E-8A8B-E2F2BABFF17D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AB64F343-2364-46EE-A8EB-AEEE685B5568} : DhcpNameServer = 192.168.1.1
AppInit_DLLs: APSHook.dll acaptuser32.dll
LSA: Notification Packages = scecli ASWLNPkg
LSA: Authentication Packages = msv1_0 relog_ap
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2008-8-13 15416]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2011-12-1 111160]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-1 36000]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\avira\antivir desktop\avfwsvc.exe [2011-12-1 616400]
R2 AntiVirMailService;Avira Email Schutz;c:\program files\avira\antivir desktop\avmailc.exe [2011-12-1 342480]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-12-1 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-12-1 110032]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-12-1 463824]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-1 74640]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 NPWService;NPWService;c:\program files\generic\network printer wizard\NPWService.exe [2010-9-29 458752]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-2 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 Update-Service;Update-Service;c:\windows\system32\svchost.exe -k Update-Service [2008-1-21 21504]
R2 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [2011-7-6 259584]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2011-12-1 91096]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\drivers\etDevice.sys [2007-9-6 474624]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [2008-2-5 206464]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-8-13 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-2-28 4233728]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-1-2 139880]
R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [2010-12-16 103424]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [2008-1-31 6528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-8-13 29736]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2011-2-4 48896]
S3 lowcdc;USB-LINK-CFG Transfer Interface;c:\windows\system32\drivers\lowcdc.sys [2010-7-18 6400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-02-26 19:45:39 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a4dd1031-9c0f-4ea4-8c49-2d983b66dede}\mpengine.dll
.
==================== Find3M ====================
.
2012-02-18 22:53:56 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-24 01:57:10 212992 ----a-w- c:\windows\system32\aptwag9fq.dll
2012-01-12 19:52:56 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 18:25:30 684032 ----a-w- c:\windows\system32\xptfhyji.tsp
2012-01-01 20:23:02 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-01-01 20:23:01 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-12-15 06:22:01 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 06:18:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-15 06:17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-15 06:17:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-12-15 06:17:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-15 05:21:27 385024 ----a-w- c:\windows\system32\html.iec
2011-12-15 04:45:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-15 04:43:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 16:17:47 680448 ----a-w- c:\windows\system32\msvcrt.dll
2008-07-02 02:28:38 61440 ----a-w- c:\program files\common files\CPInstallAction.dll
.
============= FINISH: 22:00:45,12 ===============
Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 13.08.2008 18:30:24
System Uptime: 26.02.2012 21:41:26 (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | M70Vm
Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz | Socket 478 | 2534/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 106,672 GiB free.
D: is FIXED (NTFS) - 223 GiB total, 92,894 GiB free.
Z: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1083: 18.02.2012 16:46:36 - Windows Update
RP1084: 18.02.2012 16:55:09 - Sprachpaketdeinstallation
RP1085: 19.02.2012 00:08:57 - Sprachpaketdeinstallation
RP1086: 20.02.2012 01:04:10 - Geplanter Prüfpunkt
RP1087: 21.02.2012 00:32:23 - Geplanter Prüfpunkt
RP1088: 22.02.2012 00:26:13 - Windows Update
RP1089: 23.02.2012 00:00:02 - Geplanter Prüfpunkt
RP1090: 26.02.2012 20:42:51 - Windows Update
RP1092: 26.02.2012 21:17:24 - Sprachpaketdeinstallation
.
==== Installed Programs ======================
.
Acronis*True*Image*Home
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2 - Deutsch
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS CopyProtect
ASUS LifeFrame3
ASUS Power4Gear eXtreme
ASUS Security Protect Manager
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
Asus_Camera_ScreenSaver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
AuthenTec Fingerprint Sensor Minimum Install
AutoCAD 2008 - Deutsch
Avira Internet Security 2012
BloodRayne
Bonjour
Brink
CCleaner
Compatibility Pack für 2007 Office System
Dead Block
Dolby Control Center
EPLAN Electric P8 2.0
EPLAN License Client
eReg
Express Gate
FileZilla Client 3.3.4.1
Google Chrome
Guitar Hero III
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImagXpress
iPhone Explorer 2.100
ITECIR
iTunes
Java Auto Updater
JDownloader
League of Legends
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NB Probe
neroxml
Network Printer Wizard
Notepad++
NVIDIA 3D Vision Treiber 285.62
NVIDIA Grafiktreiber 285.62
NVIDIA HD-Audiotreiber 1.2.24.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 285.62
NVIDIA Update 1.5.20
NVIDIA Update Components
Pando Media Booster
PC Connectivity Solution
PhoenixRC
Power2Go
ProtectDisc Driver, Version 11
QuickTime
Razer Naga
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
redist
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Skype™ 5.5
SPCA1528 PC Driver
StarCraft II
Steam
Synaptics Pointing Device Driver
System Requirements Lab
TeamSpeak 3 Client
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
USB2.0 1.3M UVC WebCam
VC80CRTRedist - 8.0.50727.6195
WIDCOMM Bluetooth Software
Windows Live-Uploadtool
Windows Live ID-Anmelde-Assistent
Windows Media Player Firefox Plugin
WinFlash
WinRAR
Wireless Console 2
World of Warcraft
Yahoo! Detect
.
==== End Of File ===========================
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-27 18:52:28
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.BKFO
Running: sj34jok3.exe; Driver: C:\Users\FEELDA~1\AppData\Local\Temp\uxriraog.sys
---- System - GMER 1.0.15 ----
SSDT 8BB26236 ZwCreateSymbolicLinkObject
SSDT 8BB2623B ZwLoadDriver
SSDT 8BB26231 ZwOpenSection
SSDT 8BB26240 ZwSetSystemInformation
SSDT 8BB261FF ZwTerminateProcess
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x8263CFEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8263CFEC] ZwCreateKey [0x8263CFEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x8263CFF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8263CFF1] ZwOpenKey [0x8263CFF1]
INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 8263CFF6
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 1E9 826E896C 3 Bytes [EC, CF, 63]
.text ntkrnlpa.exe!KeSetEvent + 21D 826E89A0 4 Bytes [36, 62, B2, 8B]
.text ntkrnlpa.exe!KeSetEvent + 37D 826E8B00 4 Bytes [3B, 62, B2, 8B]
.text ntkrnlpa.exe!KeSetEvent + 3DD 826E8B60 3 Bytes [F1, CF, 63]
.text ntkrnlpa.exe!KeSetEvent + 3FD 826E8B80 4 Bytes [31, 62, B2, 8B]
.text ...
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xA3BCC69D]
.text C:\Windows\system32\drivers\aksfridge.sys section is writeable [0xA5606000, 0x49379, 0xE0000020]
.init C:\Windows\system32\drivers\aksfridge.sys entry point in ".init" section [0xA565C224]
.init C:\Windows\system32\drivers\aksfridge.sys unknown last code section [0xA565C000, 0x4000, 0xE20000E0]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA5660300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xA56A6400, 0x6EB98, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA5730C20] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA5730C20]
.protectÿÿÿÿhardlockunknown last code section [0xA5730A00, 0x50CA, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xA5730A00, 0x50CA, 0xE0000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA5736300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[4212] kernel32.dll!SetUnhandledExceptionFilter 7648A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7451A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [744F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [744CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7454CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [744EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2196] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015aff88197
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x66 0x54 0x4A 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x78 0xCF 0x29 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF3 0xB2 0xAF 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC8 0xDE 0x70 0x9A ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0015aff88197 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x66 0x54 0x4A 0x1D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x78 0xCF 0x29 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF3 0xB2 0xAF 0x07 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC8 0xDE 0x70 0x9A ...
---- EOF - GMER 1.0.15 ----
 Danke schonmal |
| Themen zu TR/Crypt.ZPACK.Gen2 in TR/Crypt.ZPACK.Gen2 |
| 32 bit, antivir, avira, bonjour, browser, computer, cpu, defender, desktop, email, excel, firefox, flash player, fontcache, google, home, hängen, nicht sicher, notification, nvidia update, pando media booster, registry, rundll, scan, schutz, security, software, svchost.exe, system, updates, vista 32 bit, windows |
Baum-Darstellung