TR/Crypt.XPACK.Gen Hilfe

teufelchenka · 06.11.2008, 20:35

TR/Crypt.XPACK.Gen

--------------------------------------------------------------------------------

Hallo,

ich hab heute einen Trojaner auf meinem PC endeckt!

Mein Virus Prog hat folgenden Virus gefunden TR/Crypt.XPACK.Gen wie bekomm ich den wieder los????

hir mein HijackThis daten

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:44, on 06.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [\YURFAD2.exe] C:\Windows\system32\YURFAD2.exe
O4 - HKLM\..\Run: [\YURFCC5.exe] C:\Windows\system32\YURFCC5.exe
O4 - HKLM\..\Run: [\YURFBCB.exe] C:\Windows\system32\YURFBCB.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [\YURA56E.exe] C:\Windows\system32\YURA56E.exe
O4 - HKCU\..\Run: [\YURA677.exe] C:\Windows\system32\YURA677.exe
O4 - HKCU\..\Run: [\YURAA1F.exe] C:\Windows\system32\YURAA1F.exe
O4 - HKCU\..\Run: [\YURABE4.exe] C:\Windows\system32\YURABE4.exe
O4 - HKCU\..\Run: [\YUR841D.exe] C:\Windows\system32\YUR841D.exe
O4 - HKCU\..\Run: [\YUR8738.exe] C:\Windows\system32\YUR8738.exe
O4 - HKCU\..\Run: [\YUR8822.exe] C:\Windows\system32\YUR8822.exe
O4 - HKCU\..\Run: [\YURA082.exe] C:\Windows\system32\YURA082.exe
O4 - HKCU\..\Run: [\YURFAD2.exe] C:\Windows\system32\YURFAD2.exe
O4 - HKCU\..\Run: [\YURFCC5.exe] C:\Windows\system32\YURFCC5.exe
O4 - HKCU\..\Run: [\YURFBCB.exe] C:\Windows\system32\YURFBCB.exe
O4 - HKCU\..\Run: [\YURFEE7.exe] C:\Windows\system32\YURFEE7.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - h**p://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - h**p://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1224334959075&h=381bb37322bfab0c130f87baebf89cc9/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - h**p://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6110 bytes

teufelchenka · 06.11.2008, 21:21

jetzt fährt noch nicht einmal mein laptop mehr hoch kann nimand helfen

TR/Crypt.XPACK.Gen Hilfe

Mülltonne: TR/Crypt.XPACK.Gen Hilfe

TR/Crypt.XPACK.Gen Hilfe

TR/Crypt.XPACK.Gen Hilfe

Ähnliche Themen: TR/Crypt.XPACK.Gen Hilfe

06.11.2008, 21:21	#2
teufelchenka	TR/Crypt.XPACK.Gen Hilfe jetzt fährt noch nicht einmal mein laptop mehr hoch kann nimand helfen __________________