![]() |
|
Log-Analyse und Auswertung: TR/Crypt.ZPACK.Gen2 in C:\WINDOWS\system32\jpgvve4z.dllWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
| ![]() TR/Crypt.ZPACK.Gen2 in C:\WINDOWS\system32\jpgvve4z.dll Hallo, auch ich benötige Hilfe um diesen Trojaner zu entfernen. Nach ewiger "in Quaratäneschickerei" bin ich es leid und möchte dies entfernt haben. Die Meldung erscheint stets beim Aufrufen von Internet Exploer und Mozilla Firefox. Im Anhang befinden sich die Ereignisse von Avira, attach.txt und gmer.txt Vielen Dank für die Hilfe. Code:
ATTFilter . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31 Run by *** at 11:11:18 on 2012-04-12 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.559 [GMT 2:00] . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k Update-Service C:\Programme\Google\Update\GoogleUpdate.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\mHotkey.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = iexplore mSearchAssistant = hxxp://www.google.com/ie BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\programme\iepro\iepro.dll BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programme\spybot - search & destroy\SDHelper.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programme\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\programme\iepro\IEProRecorder.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {70DE7956-479D-4EB7-8641-2B45774C350E} - No File TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [WMPNSCFG] c:\programme\windows media player\WMPNSCFG.exe uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [ledpointer] CNYHKey.exe mRun: [CHotkey] mHotkey.exe mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: &Add animation to IncrediMail Style Box - c:\programme\incredimail\bin\resources\WebMenuImg.htm IE: Free YouTube Download - c:\dokumente und einstellungen\dierl\anwendungsdaten\dvdvideosoftiehelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\dierl\anwendungsdaten\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\programme\iepro\iepro.dll IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\programme\iepro\iepro.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll DPF: Microsoft XML Parser for Java DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229540144765 DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229540114375 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game08.zylom.com/activex/zylomgamesplayer.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15111/CTPID.cab TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{8598189B-AC18-4273-A59D-87688B8EC4C1} : DhcpNameServer = 192.168.2.1 192.168.2.1 SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\dokumente und einstellungen\dierl\anwendungsdaten\mozilla\firefox\profiles\bqxi8mva.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&a=1ex61L2W8wH&search= FF - component: c:\dokumente und einstellungen\dierl\anwendungsdaten\mozilla\firefox\profiles\bqxi8mva.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\dokumente und einstellungen\dierl\anwendungsdaten\mozilla\firefox\profiles\bqxi8mva.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\FFExternalAlert.dll FF - component: c:\dokumente und einstellungen\dierl\anwendungsdaten\mozilla\firefox\profiles\bqxi8mva.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\RadioWMPCore.dll FF - plugin: c:\programme\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programme\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\programme\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\programme\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\programme\microsoft\office live\npOLW.dll FF - plugin: c:\programme\mozilla firefox\plugins\npclntax_ZangoSA.dll FF - plugin: c:\programme\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\programme\sony\media go\npmediago.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: network.http.max-persistent-connections-per-server - 3 FF - user.js: content.max.tokenizing.time - 1500000 FF - user.js: content.notify.interval - 750000 FF - user.js: nglayout.initialpaint.delay - 100 . ============= SERVICES / DRIVERS =============== . R0 WDMCAPI;ISDN PCI CAPI;c:\windows\system32\drivers\WDMCAPI.sys [2005-10-9 730880] R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2009-5-25 11608] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2009-5-25 136360] R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2009-5-25 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-25 66616] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 Update-Service;Update-Service;c:\windows\system32\svchost.exe -k Update-Service [2005-10-9 14336] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-10-18 826112] R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [2004-11-29 53248] R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2005-10-8 69248] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S0 rseb;rseb; [x] S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-2-5 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253600] S3 FXUSBASE;Eumex 400 (WinXP/2000);c:\windows\system32\drivers\fxusbase.sys [2004-11-29 547968] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-5-1 13224] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-2-5 135664] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2006-2-1 19018] S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-20 21504] S3 Ligptt;Ligptt; [x] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-8-5 86824] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-8-5 86824] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-8-5 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-8-5 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-8-5 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-8-5 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-8-5 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-8-5 109864] S3 UPnPService;UPnPService;c:\programme\gemeinsame dateien\magix shared\upnpservice\UPnPService.exe [2009-6-24 544768] S3 WDMWANMP;NDIS WAN miniport;c:\windows\system32\drivers\wdmwanmp.sys [2005-10-9 26112] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-04-11 18:34:31 -------- d-----w- c:\programme\Spybot - Search & Destroy 2012-04-11 09:32:20 -------- d-----w- c:\dokumente und einstellungen\dierl\anwendungsdaten\calibre 2012-04-11 09:31:19 -------- d-----w- c:\programme\Calibre2 2012-04-09 10:06:05 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll 2012-04-07 08:20:32 208896 ----a-w- c:\windows\system32\aptwqamjk.dll 2012-04-06 06:56:08 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-20 15:59:51 -------- dc----w- c:\dokumente und einstellungen\dierl\lokale einstellungen\anwendungsdaten\MigWiz 2012-03-20 15:22:28 -------- d-----w- c:\programme\Windows Easy Transfer 7 2012-03-20 10:34:39 708608 ------w- c:\windows\system32\jpgvve4z.dll 2012-03-20 10:34:39 463872 ----a-w- c:\windows\system32\ntqo3icr.sys 2012-03-17 11:16:56 -------- d-----w- c:\dokumente und einstellungen\dierl\anwendungsdaten\TuneUp Software 2012-03-17 11:15:39 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\TuneUp Software 2012-03-17 11:15:22 -------- d-sh--w- c:\dokumente und einstellungen\all users\anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-03-17 09:46:37 2106216 ----a-w- c:\programme\mozilla firefox\D3DCompiler_43.dll 2012-03-17 09:46:37 19384 ----a-w- c:\programme\mozilla firefox\AccessibleMarshal.dll 2012-03-17 09:46:36 125880 ----a-w- c:\programme\mozilla firefox\crashreporter.exe 2012-03-17 09:46:35 924600 ----a-w- c:\programme\mozilla firefox\firefox.exe 2012-03-17 09:46:35 269240 ----a-w- c:\programme\mozilla firefox\freebl3.dll 2012-03-17 09:46:35 1998168 ----a-w- c:\programme\mozilla firefox\d3dx9_43.dll 2012-03-17 09:46:34 592824 ----a-w- c:\programme\mozilla firefox\gkmedias.dll 2012-03-17 09:46:34 44472 ----a-w- c:\programme\mozilla firefox\mozglue.dll 2012-03-17 09:46:32 626688 ----a-w- c:\programme\mozilla firefox\msvcr80.dll 2012-03-17 09:46:32 548864 ----a-w- c:\programme\mozilla firefox\msvcp80.dll 2012-03-17 09:46:32 479232 ----a-w- c:\programme\mozilla firefox\msvcm80.dll 2012-03-16 18:23:57 -------- d-----w- c:\programme\Defraggler . ==================== Find3M ==================== . 2012-04-06 07:20:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-11 08:59:29 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-03-11 08:59:27 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-01 11:00:09 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:00:08 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-03-01 11:00:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:09:48 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:09:48 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec 2012-02-07 09:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-03 09:57:08 1860224 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 11:12:21,81 =============== |
Themen zu TR/Crypt.ZPACK.Gen2 in C:\WINDOWS\system32\jpgvve4z.dll |
adobe, adobe flash player, antivir, antivir guard, aufrufe, avira, converter, desktop, einstellungen, excel, explorer, flash player, google, home, internet, libusb0.sys, mozilla, mp3, pdf, plug-in, programme, rundll, svchost, system, trojaner, windows, windows xp |