
Log analysis and evaluation: TR/Crypt.ZPack.Gen8 currently - previously PUM.HiJack.StartMenu in quarantine - what to do now?


 
11.07.2012, 19:38   #1
please-help
 



On 10.07.12, while I was surfing, I was offered the download of a PDF file with a four-digit number as its title. Since that seemed dubious to me, as I had not requested any download, I clicked the white cross on the red square at the top right of the dialog box to close the dialog. My suspicion: it was exactly this action that loaded the malware onto my computer, because a few seconds later my up-to-date Avira Free Antivirus reported the malware TR/Crypt.ZPack.Gen8 and quarantined it.
I then ran Spyware Terminator 2012, CCleaner and Malwarebytes.

I am not sure whether my computer was "clean" before that: earlier, on 17.6.12, during the update of phonostar, Avira reported the file APPL/Yabector.Gen5 and quarantined it, where it still sits now together with TR/Crypt.ZPack.Gen8.

Before that, on 29.02.12, I presumably had the Bundespolizei virus. The associated files that Malwarebytes quarantined that day at 09:03 are PUM.HiJack.StartMenu and Malware.Trace.

Oh yes, for quite some time I have also had an Amazon Toolbar listed in the Control Panel under Programs, but I cannot remove it.

I have not had problems with the computer's speed or other suspicious incidents in the last months since February. But now I have become suspicious as to whether the incidents mentioned above are connected.
I would like to know what I should do with the files that are in the quarantine of AntiVir and Malwarebytes. Which minimal and which safe measures do you recommend? I have attached logs from OTL, Malwarebytes and GMER.

Thank you in advance for your expert advice!

---------
OTL logfile created on: 10.07.2012 17:50:02 - Run 4
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Program Files\Hilfsprogramme\OTL Oldtimer
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,91% Memory free
4,23 Gb Paging File | 2,72 Gb Available in Paging File | 64,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 258,05 Gb Total Space | 168,91 Gb Free Space | 65,46% Space Free | Partition Type: NTFS
Drive D: | 7,97 Gb Total Space | 0,97 Gb Free Space | 12,17% Space Free | Partition Type: NTFS
Drive X: | 160,09 Gb Total Space | 53,28 Gb Free Space | 33,28% Space Free | Partition Type: NTFS
Drive Y: | 39,65 Gb Total Space | 10,61 Gb Free Space | 26,77% Space Free | Partition Type: NTFS

Computer Name: 03-PC | User Name: chronos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\RAUM_1\Desktop\Defogger.exe ()
PRC - C:\Programme\Hilfsprogramme\OTL Oldtimer\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Users\RAUM_1\Desktop\Defogger.exe ()
MOD - C:\Programme\Hilfsprogramme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Hilfsprogramme\DiskDefrag\Auslogics Disk Defrag\ausshellext.dll ()
MOD - C:\Programme\Common Files\Acronis\Common\gc.dll ()


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\AntiVir2012\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Macromedia Licensing Service) -- C:\Programme\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Viewpoint Service) -- C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)


========== Driver Services (SafeList) ==========

DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (motandroidusb) -- C:\Windows\System32\drivers\motoandroid.sys (Motorola)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {307E6955-6CF9-4791-A645-558FBCD6A46B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*

IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox10\components [2012.05.03 09:08:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox 13\components [2012.06.10 11:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox 13\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 20:35:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 08:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 20:35:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 08:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox7\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox7\plugins

[2008.09.02 12:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chronos\AppData\Roaming\mozilla\Extensions
[2012.02.29 13:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chronos\AppData\Roaming\mozilla\Firefox\Profiles\wqnn3mjf.default\extensions
[2010.06.24 15:25:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chronos\AppData\Roaming\mozilla\Firefox\Profiles\wqnn3mjf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.17 20:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.10 11:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Firefox 13\extensions
[2012.06.10 11:21:55 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\Firefox 13\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.04.23 22:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Firefox10\extensions
[2012.05.03 09:08:31 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\Firefox10\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.02.29 13:05:57 | 000,773,933 | ---- | M] () (No name found) -- C:\USERS\CHRONOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQNN3MJF.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.03.05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2009.04.10 17:10:06 | 000,312,259 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10751 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TBSB03603 Class) - {5C9BE6C7-015B-4C06-BDB8-205163FA5F2C} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Symbolleiste für Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Programme\Copernic\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir2012\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000..\Run: [Vidalia] C:\Program Files\Hilfsprogramme\vidaliaBundle\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004..\Run: [RfxSrvTray] "C:\Program Files\RadioFX\Tobit Radio.fx\Client\rfx-tray.exe" File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes\161\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\RAUM_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = File not found
O4 - Startup: C:\Users\RAUM_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = File not found
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Amazon Toolbar - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Amazon Toolbar - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24DD98CD-B228-4DFA-91EA-1A3FEB3250F2}: NameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.08 21:39:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.06.14 15:12:55 | 000,182,852 | ---- | M] () - X:\autokosten betriebsausgabe test.pdf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.10 11:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.05 10:36:41 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.07.05 10:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2009.12.03 23:30:22 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vcredist_x86.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.10 17:52:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.07.10 17:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{37B60842-ECE6-4F88-BD86-0EE41A85C877}.job
[2012.07.10 17:47:49 | 000,000,000 | ---- | M] () -- C:\Users\chronos\defogger_reenable
[2012.07.10 16:49:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 16:49:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 08:48:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 08:48:46 | 2143,879,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 10:36:40 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2012.07.04 16:30:40 | 000,638,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.04 16:30:40 | 000,604,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 16:30:40 | 000,130,882 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.04 16:30:40 | 000,107,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.14 10:19:23 | 000,708,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.10 17:47:49 | 000,000,000 | ---- | C] () -- C:\Users\chronos\defogger_reenable
[2012.07.05 10:35:43 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2012.02.28 17:05:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.09.06 20:26:43 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.02.17 21:59:15 | 000,064,702 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.17 21:59:06 | 000,064,702 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.16 13:00:32 | 000,001,074 | RH-- | C] () -- C:\Users\chronos\XrxWm.ini
[2008.10.16 13:00:31 | 000,000,522 | RH-- | C] () -- C:\Users\chronos\xw45cpdy.dyc
[2007.08.11 21:41:08 | 000,000,086 | ---- | C] () -- C:\Users\chronos\AppData\Roaming\wklnhst.dat
[2007.08.10 20:03:42 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.08.09 18:36:21 | 000,000,680 | RHS- | C] () -- C:\Users\chronos\ntuser.pol
[2007.08.09 15:23:34 | 000,007,680 | ---- | C] () -- C:\Users\chronos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.08 16:00:41 | 000,000,095 | ---- | C] () -- C:\Users\chronos\AppData\Local\fusioncache.dat

========== LOP Check ==========

[2007.09.08 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\ACD Systems
[2007.08.09 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Acronis
[2008.11.11 11:23:06 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Alien Skin
[2008.01.08 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\ASCOMP Software
[2012.01.29 22:40:15 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Auslogics
[2009.02.04 10:18:08 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Copernic
[2007.08.08 16:07:55 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\DataDesign
[2010.06.25 09:37:13 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\DeepBurner
[2010.07.13 08:33:56 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\JAM Software
[2008.03.31 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\McNeel
[2010.03.14 13:24:32 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\OpenOffice.org
[2011.01.13 23:21:29 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\phonostar GmbH
[2009.10.02 10:38:45 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\phonostar-Player
[2012.02.28 16:43:28 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Spyware Terminator
[2007.08.11 21:41:08 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Template
[2011.05.31 16:13:45 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Tobit
[2008.05.16 08:20:44 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\WinBatch
[2007.09.08 22:15:37 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\ACD Systems
[2012.02.01 18:51:18 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Auslogics
[2012.07.08 16:38:36 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Canon
[2008.10.16 15:31:00 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\CDZilla
[2009.02.04 10:17:44 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Copernic
[2007.08.15 10:16:32 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\DataDesign
[2009.06.11 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\DeepBurner
[2012.05.30 18:12:50 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\elsterformular
[2010.07.13 08:49:04 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\JAM Software
[2010.03.27 01:24:06 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\McNeel
[2011.03.30 11:16:10 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Nokia
[2011.03.30 11:16:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Nokia Ovi Suite
[2009.10.15 13:49:24 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Octoshape
[2010.02.10 15:28:55 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\OpenOffice.org
[2011.03.29 11:37:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\PC Suite
[2012.02.01 12:18:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\PeaZip
[2009.10.02 10:50:59 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\phonostar GmbH
[2012.06.17 15:36:01 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\phonostar-Player
[2007.10.20 19:54:52 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Template
[2010.09.06 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Tobit
[2012.07.10 17:52:00 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.07.09 22:35:56 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.10 17:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{37B60842-ECE6-4F88-BD86-0EE41A85C877}.job

========== Purity Check ==========



< End of report >

 





