| |
| |||||||
Log-Analyse und Auswertung: wie werde ich den "TR/Crypt.ULPM.Gen" wieder los?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.05.2008, 21:39
| #1 |
 |  wie werde ich den "TR/Crypt.ULPM.Gen" wieder los? Hallo, habe gerade ne Datei von meinem Dad bekommen und sie geöfnet.Nun Steht auf dem Desktop:Warning,Spyware detected on your computer..... Hatte natürlich wieder mal kein Virenprogramm drauf. Antivir hat 2 Viren gefunden: AntiVir PersonalEdition Premium Report file date: Montag, 12. Mai 2008 22:00 Scanning for 1036370 virus strains and unwanted programs. Licensed to: Demo Version Serial number: Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Administrator Computer name: HOME-PC Version information: BUILD.DAT : 307 17200 Bytes 10.09.2007 14:44:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23.08.2007 12:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16.08.2007 11:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14.08.2007 14:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21.08.2007 11:35:20 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31.05.2006 11:32:40 ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10.07.2007 11:32:46 ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25.08.2007 16:21:02 ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28.08.2007 06:22:36 AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29.08.2007 16:09:10 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26.02.2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18.07.2007 06:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03.08.2007 07:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18.07.2007 06:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28.08.2007 11:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18.07.2007 06:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08.03.2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2576424 Bytes 07.08.2007 11:51:06 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21.08.2007 12:03:18 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23.07.2007 08:37:21 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: c:\programme\avira\antivir personaledition premium\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: H:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Montag, 12. Mai 2008 22:00 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'avesvc.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'nTuneService.exe' - '1' Module(s) have been scanned Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'setup_526_1_.exe' - '1' Module(s) have been scanned Scan process 'daemon.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'ctfmona.exe' - '1' Module(s) have been scanned Scan process 'SWTrayV4.EXE' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 37 processes with 37 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '39' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\dhcpsrv.exe [DETECTION] Contains suspicious code HEUR/Malware [INFO] The file was moved to '488ba42d.qua'! C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\ms1210620797.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [INFO] The file was moved to '4859a43e.qua'! C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\HAN8NEWY\count[2].php [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [INFO] The file was moved to '489da5c7.qua'! C:\WINDOWS\explorer.exe [WARNING] The file could not be read! C:\WINDOWS\system32\eio.dll [WARNING] The file could not be read! C:\WINDOWS\system32\lsass.exe [WARNING] The file could not be read! C:\WINDOWS\system32\services.exe [WARNING] The file could not be read! C:\WINDOWS\system32\spoolsv.exe [WARNING] The file could not be read! C:\WINDOWS\system32\svchost.exe [WARNING] The file could not be read! C:\WINDOWS\system32\winlogon.exe [WARNING] The file could not be read! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! End of the scan: Montag, 12. Mai 2008 22:27 Used time: 26:46 min The scan has been done completely. 5042 Scanning directories 180281 Files were scanned 2 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 3 files were moved to quarantine 0 files were renamed 9 Files cannot be scanned 180279 Files not concerned 1219 Archives were scanned 9 Warnings 0 Notes --------------------------------------------------------------------------- Habe nun schon ein wenig bei euch rumgesucht.Aber nicht wirklich mit erfolg. Will nicht alles neu machen.Kann mir jemand helfen? Hier noch der HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:35:09, on 12.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe C:\WINDOWS\system32\ctfmona.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\DAEMON Tools\daemon.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\setup_526_1_.exe C:\Programme\Skype\Plugin Manager\skypePM.exe C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O3 - Toolbar: pvnsmfor - {5AC18EE0-E9B2-428D-844F-6D3EEA227215} - C:\WINDOWS\pvnsmfor.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe O4 - HKLM\..\Run: [cc4ccedc] rundll32.exe "C:\WINDOWS\system32\eqwmhflt.dll",b O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [InstallProgram] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\setup_526_1_.exe O4 - HKCU\..\Run: [InetChk] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ms1210620800.exe work O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{365B165A-82ED-4A9A-8E0A-6B741F161F44}: NameServer = 213.191.74.11 213.191.92.82 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O21 - SSODL: mpfanvqg - {288FAAC6-E504-4744-B76B-1BE29B49A46D} - C:\WINDOWS\mpfanvqg.dll O21 - SSODL: vbksrofa - {ACB180AB-A94C-4594-897A-FD07257A78C9} - C:\WINDOWS\vbksrofa.dll O21 - SSODL: sQAeyZFH - {CC4CCE74-66E6-64DE-3C96-4328AFBC6A0C} - C:\WINDOWS\System32\eio.dll O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- End of file - 6039 bytes --------------------------------------------------------------------------- Hoffe da kann jemand was mit anfangen ,ich nicht  Was sollte ich ab nun vermeiden ? Banking? Surfen ? BF" zocken? Ebay`en? Für Eure schnellen Antworten bedanke ich mich jetzt schon mal im voraus. DANKE   |
| Themen zu wie werde ich den "TR/Crypt.ULPM.Gen" wieder los? |
| .dll, 0 bytes, adobe, avg, avgnt.exe, avira, canon, content.ie5, ctfmon.exe, desktop, drivers, einstellungen, firefox, helfen, helper, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, jusched.exe, logon.exe, moved, mozilla, mozilla firefox, nt.dll, programm, quara, rthdcpl.exe, rundll, sched.exe, services.exe, skype.exe, software, spyware, svchost.exe, system, temp, tr/crypt.ulpm.gen, trojan, virus, windows, windows\system32\drivers, winlogon.exe |
Baum-Darstellung