Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Mein antivir hat folgende virus gefunden:" tr/crypt.zpack.gen4 " kann ihn nicht entfernen.

Mein antivir hat folgende virus gefunden:" tr/crypt.zpack.gen4 " kann ihn nicht entfernen.


Plagegeister aller Art und deren Bekämpfung: Mein antivir hat folgende virus gefunden:" tr/crypt.zpack.gen4 " kann ihn nicht entfernen.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 31.01.2015, 18:35   #5
Focke
 
Mein antivir hat folgende virus gefunden:" tr/crypt.zpack.gen4 " kann ihn nicht entfernen. - Standard

Mein antivir hat folgende virus gefunden:" tr/crypt.zpack.gen4 " kann ihn nicht entfernen.


Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 31.01.2015
Suchlauf-Zeit: 16:29:21
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.31.03
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Focke

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 390499
Verstrichene Zeit: 9 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=101ad16867cd8f47bd228888d4355e15
# engine=22242
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-31 05:23:37
# local_time=2015-01-31 06:23:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 101423 39484699 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 92190 174354867 0 0
# scanned=519598
# found=1
# cleaned=0
# scan_time=5715
sh=D86D2FC37B1FED635CAF6F25254D7A575466ED1E ft=1 fh=7614c1446a9b863f vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="F:\Users\Focke\Downloads Chrome\FFSetup3.3.4.0.exe"

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by Focke (administrator) on FOCKE-PC on 31-01-2015 18:33:01
Running from C:\Users\Focke\Downloads
Loaded Profiles: Focke & UpdatusUser &  (Available profiles: Focke & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(
ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Tobit.Software) F:\Tobit Radio.fx\Client\rfx-tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
() F:\Tobit Radio.fx\Server\rfx-server.exe
(
ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Farbar) C:\Users\Focke\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Six Engine] => C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-06-14] (
ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-16] (Microsoft Corporation)
HKU\S-1-5-21-1307189488-569850603-555512856-1000\...\Run: [rfxsrvtray] => F:\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-1307189488-569850603-555512856-1000\...\Run: [DAEMON Tools Lite] => F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1307189488-569850603-555512856-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1307189488-569850603-555512856-1000\...\MountPoints2: {8c294d1d-4ea2-11e3-aaf9-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-1307189488-569850603-555512856-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [rfxsrvtray] => F:\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKU\S-1-5-21-1307189488-569850603-555512856-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1307189488-569850603-555512856-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1307189488-569850603-555512856-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8c294d1d-4ea2-11e3-aaf9-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1307189488-569850603-555512856-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Focke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1307189488-569850603-555512856-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Focke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-08-28]
CHR Extension: (Google Docs) - C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-26]
CHR Extension: (Google Drive) - C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-26]
CHR Extension: (Adblock Plus) - C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-28]
CHR Extension: (Google-Suche) - C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-26]
CHR Extension: (Avira Browserschutz) - C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-26]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-16]
CHR Extension: (Google Mail) - C:\Users\Focke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-26]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [56648 2014-12-15] (Google Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 Radio.fx; F:\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
S2 SkypeUpdate; F:\Program Files (x86)\Skype\Updater\Updater.exe [315008 2014-04-03] (Skype Technologies)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-06] (Disc Soft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-07-18] (CACE Technologies)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 18:32 - 2015-01-31 18:32 - 02130944 _____ (Farbar) C:\Users\Focke\Downloads\FRST64 (1).exe
2015-01-31 16:44 - 2015-01-31 16:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-31 16:43 - 2015-01-31 16:44 - 02347384 _____ (ESET) C:\Users\Focke\Downloads\esetsmartinstaller_deu.exe
2015-01-31 16:41 - 2015-01-31 16:41 - 00001200 _____ () C:\Users\Focke\Desktop\mbam.txt
2015-01-31 16:28 - 2015-01-31 16:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 16:28 - 2015-01-31 16:28 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-31 16:28 - 2015-01-31 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-31 16:28 - 2015-01-31 16:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-31 16:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 16:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-31 16:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 16:27 - 2015-01-31 16:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Focke\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-30 16:25 - 2015-01-30 16:25 - 00002200 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2015-01-30 16:25 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5912.dll
2015-01-30 16:18 - 2015-01-30 16:18 - 02338824 _____ () C:\Users\Focke\Downloads\hppiw.exe
2015-01-30 16:15 - 2015-01-30 16:20 - 123809984 _____ () C:\Users\Focke\Downloads\OJ8600_1315-1.exe
2015-01-30 16:03 - 2015-01-30 16:03 - 05165056 _____ () C:\Users\Focke\Downloads\HPSupportSolutionsFramework-11.51.0048.msi
2015-01-30 16:03 - 2015-01-30 16:03 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-30 15:52 - 2015-01-30 15:52 - 07169624 _____ () C:\Users\Focke\Downloads\HPPSdr.exe
2015-01-30 08:03 - 2015-01-31 18:33 - 00017840 _____ () C:\Users\Focke\Downloads\FRST.txt
2015-01-30 08:03 - 2015-01-30 08:06 - 00023850 _____ () C:\Users\Focke\Downloads\Addition.txt
2015-01-30 08:02 - 2015-01-31 18:33 - 00000000 ____D () C:\FRST
2015-01-30 08:02 - 2015-01-30 08:02 - 02130432 _____ (Farbar) C:\Users\Focke\Downloads\FRST64.exe
2015-01-29 17:48 - 2015-01-29 17:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Focke\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-29 15:40 - 2015-01-29 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-28 17:34 - 2015-01-28 17:34 - 00000000 ____D () C:\Users\Focke\AppData\Roaming\SumatraPDF
2015-01-26 21:37 - 2015-01-26 21:40 - 00000000 ____D () C:\Users\Focke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2015-01-26 21:37 - 2015-01-26 21:37 - 00000000 ____D () C:\Users\Focke\voip
2015-01-26 21:35 - 2015-01-26 21:37 - 37968904 _____ (ICQ) C:\Users\Focke\Downloads\icq_rfrset.exe
2015-01-14 12:59 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:59 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:59 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:59 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:59 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:59 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:59 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 12:58 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:58 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:58 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:58 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:58 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:58 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-11 14:26 - 2015-01-11 14:26 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-01-11 14:25 - 2015-01-11 14:26 - 05006832 _____ (Adobe Systems Inc.) C:\Users\Focke\Downloads\Shockwave_Installer_Slim.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 07718224 _____ (TeamViewer GmbH) C:\Users\Focke\Downloads\TeamViewer_Setup_de (2).exe
2015-01-06 14:48 - 2015-01-06 14:48 - 01399727 _____ () C:\Users\Focke\Downloads\3d_pinball_for_windows_-_space_cadet.exe
2015-01-06 14:48 - 2015-01-06 14:48 - 00000000 ____D () C:\Users\Focke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-06 14:48 - 2015-01-06 14:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 17:54 - 2013-11-16 17:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 17:36 - 2013-11-16 10:41 - 01654414 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 16:47 - 2013-12-23 15:32 - 00000000 ____D () C:\Users\Focke\Documents\ManiaPlanet
2015-01-31 16:35 - 2013-12-23 15:32 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2015-01-31 16:32 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 16:32 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 16:31 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-01-31 16:31 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-01-31 16:31 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-31 16:25 - 2013-11-16 17:51 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 16:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 16:25 - 2009-07-14 05:51 - 00248146 _____ () C:\Windows\setupact.log
2015-01-30 20:35 - 2013-11-16 14:32 - 00418404 _____ () C:\Windows\PFRO.log
2015-01-30 20:35 - 2009-07-14 05:45 - 00458552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-30 16:25 - 2014-02-24 21:36 - 00000000 ____D () C:\Users\Focke\AppData\Roaming\HpUpdate
2015-01-30 16:25 - 2014-02-24 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-30 16:25 - 2014-02-24 21:36 - 00000000 ____D () C:\ProgramData\HP
2015-01-30 16:25 - 2014-02-24 21:36 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-30 16:24 - 2013-11-16 17:43 - 00113864 _____ () C:\Users\Focke\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-29 15:40 - 2014-08-14 11:14 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-29 15:40 - 2014-08-14 11:14 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-29 15:40 - 2013-11-16 17:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-27 17:01 - 2013-11-16 17:54 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 21:37 - 2013-11-16 10:41 - 00000000 ____D () C:\Users\Focke
2015-01-16 19:07 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 16:46 - 2013-11-16 12:29 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:44 - 2013-11-16 12:29 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 14:48 - 2013-11-25 17:33 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-06 04:36 - 2013-11-16 12:02 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-02-03 17:34 - 2014-02-04 13:56 - 0006144 _____ () C:\Users\Focke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-18 15:40 - 2013-12-18 15:40 - 0001432 _____ () C:\Users\Focke\AppData\Local\RecConfig.xml
2014-05-11 21:04 - 2014-05-11 21:04 - 0001236 _____ () C:\Users\Focke\AppData\Local\recently-used.xbel
2013-12-08 16:23 - 2013-12-08 16:23 - 0000017 _____ () C:\Users\Focke\AppData\Local\resmon.resmoncfg
2014-02-24 21:36 - 2014-02-24 21:36 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Focke\AppData\Local\Temp\avgnt.exe
C:\Users\Focke\AppData\Local\Temp\icqsetup.exe
C:\Users\Focke\AppData\Local\Temp\ose00001.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 16:07

==================== End Of Log ============================
--- --- ---

--- --- ---


 

Themen zu Mein antivir hat folgende virus gefunden:" tr/crypt.zpack.gen4 " kann ihn nicht entfernen.
abend, antivir, avira, durchgeführt, entferne, entfernen, erfolgreich, folge, folgende, folgendes, gefunde, guten, löschen, scan, tr/crypt.zpack.gen, tr/crypt.zpack.gen4, virenscan, virus, virus gefunden


« komische Musik wie Filmmusik im Hintergrund am PC | Programm hat sich Automatisch installiert inklusive Viren »


Ähnliche Themen: Mein antivir hat folgende virus gefunden:" tr/crypt.zpack.gen4 " kann ihn nicht entfernen.


  1. Malwarebytes erkannte "DTSGainCompensatorDLL.dll" als Trojan.crypt kann ich mein System noch bereinigen oder sollte ich es platt machen?
    Plagegeister aller Art und deren Bekämpfung - 26.11.2015 (15)
  2. Virus oder Trojaner in "C:\Programme\Settings Manager\smdmf\" gefunden, lässt sich aber nicht entfernen
    Log-Analyse und Auswertung - 28.10.2014 (9)
  3. Trojaner "TR/Crypt.ZPACK.62508" mit AVIRA gefunden !
    Plagegeister aller Art und deren Bekämpfung - 25.04.2014 (11)
  4. Win7 nach AntiVir Funden "TR/Crypt.zpack.Gen7" und "Adspy.Gen2" stark verlangsamt
    Log-Analyse und Auswertung - 13.04.2014 (28)
  5. "TR/Crypt.ZPACK.Gen" - infiziert? - Entdecken - Entfernen?
    Plagegeister aller Art und deren Bekämpfung - 04.12.2013 (7)
  6. Trojaner "TR/Crypt.ZPACK.Gen8" in C:\Users\johanna\AppData\Roaming\skype.dat via Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (7)
  7. PC nach Befall durch "TR/Crypt.XPACK.Gen" und "TR/Crypt.ZPACK.Gen2" extrem langsam
    Plagegeister aller Art und deren Bekämpfung - 29.11.2011 (7)
  8. Antivir hat folgende Trojaner Meldung entdeckt TR/Crypt.ZPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (18)
  9. Nach Entfernung von Antivir SP findet antivir "zydxc.sys" - kann nicht entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 17.08.2010 (26)
  10. TR/Crypt.ZPACK.Gen ist mein Rechner jetzt "sauber"?
    Plagegeister aller Art und deren Bekämpfung - 26.06.2010 (15)
  11. "msn" virus, kann den nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 22.06.2010 (24)
  12. Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys
    Plagegeister aller Art und deren Bekämpfung - 19.06.2010 (7)
  13. Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen (trojan)" - Was nun? (inkl. Hjackthis-File)
    Plagegeister aller Art und deren Bekämpfung - 17.06.2010 (1)
  14. Antivir findet mehrfach "tr/crypt.xpack.gen", is mein PC sauber?
    Plagegeister aller Art und deren Bekämpfung - 21.05.2010 (10)
  15. bekomme Virus "TR/Crypt.ZPACK.Gen" nicht los
    Plagegeister aller Art und deren Bekämpfung - 04.05.2010 (10)
  16. Crypt.ZPACK.Gen - ist mein Rechner jetzt endlich wieder "sauber"
    Plagegeister aller Art und deren Bekämpfung - 11.04.2010 (1)
  17. AntiVir meldet "TR/Crypt.XPACK.gen" kann ihn aber nicht entfernen
    Log-Analyse und Auswertung - 05.06.2008 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Mein antivir hat folgende virus gefunden:" tr/crypt.zpack.gen4 " kann ihn nicht entfernen. - Code: Alles auswählen Aufklappen ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 31.01.2015 Suchlauf-Zeit: 16:29:21 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.31.03 Rootkit Datenbank: v2015.01.14.01 Lizenz: Testversion Malware Schutz: Aktiviert - Mein antivir hat folgende virus gefunden:" tr/crypt.zpack.gen4 " kann ihn nicht entfernen....
Archiv
Du betrachtest: Mein antivir hat folgende virus gefunden:" tr/crypt.zpack.gen4 " kann ihn nicht entfernen. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131